
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
avast reports Threat:Win32:Adware-gen (adw)
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, avast reports Threat:Win32:Adware-gen (adw) twice; it moved them to the Chest. Is the PC clean? I would also like to ask for help with speeding it up. It is an old machine with a dumb OS, but unfortunately I have nothing else available right now. Would it be possible to "tidy it up a bit"?
Logfile of random's system information tool 1.09 (written by random/random)
Run by Denda at 2014-12-15 11:05:43
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 14 GB (15%) free of 92 GB
Total RAM: 3071 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:05, on 15.12.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Windows\mHotkey.exe
C:\Windows\OSDShow.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Denda\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\WinTV\HCWCITray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\modps2key.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Denda\Desktop\programy VIRY.CZ\RSIT.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Denda.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ShowOSD] OSDShow.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Denda\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Denda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WinTV-CI CAM Menu.lnk = ?
O4 - Global Startup: BDARemote.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 9257 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AmiUpdXp.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
QuickTimePlugin.class
C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-10 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-22 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-10 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"=C:\Program Files\Mouse Driver\StartAutorun.exe [2008-05-30 212992]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"CHotkey"=C:\Windows\mHotkey.exe [2007-01-15 550912]
"ShowOSD"=C:\Windows\OSDShow.exe [2007-01-15 28672]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-10-11 60712]
"Nikon Message Center 2"=C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-12 5227112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-05-07 256896]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2014-10-15 157480]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2014-10-02 421888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-11-27 30524520]
"cz.seznam.software.autoupdate"=C:\Users\Denda\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Denda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [2014-12-10 855216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Users\Denda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
WinTV-CI CAM Menu.lnk - C:\PROGRA~1\WinTV\HCWCITray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.IV41"=IR41_32.AX
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-12-11 19:29:09 ----A---- C:\Windows\system32\tzres.dll
2014-12-11 19:27:41 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-11 19:04:36 ----A---- C:\Windows\system32\schannel.dll
2014-12-10 16:43:55 ----A---- C:\Windows\system32\msfeedssync.exe
2014-12-10 16:43:54 ----A---- C:\Windows\system32\vbscript.dll
2014-12-10 16:43:54 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-12-10 16:43:53 ----A---- C:\Windows\system32\urlmon.dll
2014-12-10 16:43:53 ----A---- C:\Windows\system32\mshta.exe
2014-12-10 16:43:51 ----A---- C:\Windows\system32\jscript.dll
2014-12-10 16:43:51 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-10 16:43:48 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-10 16:43:48 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-10 16:43:44 ----A---- C:\Windows\system32\iertutil.dll
2014-12-10 16:43:43 ----A---- C:\Windows\system32\url.dll
2014-12-10 16:43:30 ----A---- C:\Windows\system32\wininet.dll
2014-12-10 16:43:24 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-10 16:43:23 ----A---- C:\Windows\system32\ieui.dll
2014-12-10 16:43:20 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-10 16:43:18 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-10 16:43:14 ----A---- C:\Windows\system32\jscript9.dll
2014-12-10 16:43:10 ----A---- C:\Windows\system32\ieframe.dll
2014-12-10 16:43:03 ----A---- C:\Windows\system32\mshtml.dll
2014-12-07 22:33:15 ----D---- C:\Program Files\QuickTime
2014-12-07 22:29:51 ----D---- C:\Program Files\iPod
2014-12-07 22:29:48 ----D---- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-07 22:29:48 ----D---- C:\Program Files\iTunes
2014-12-07 18:18:05 ----D---- C:\Program Files\Mozilla Firefox
2014-12-01 12:32:06 ----HD---- C:\Program Files\Common Files\EAInstaller
2014-12-01 10:49:33 ----D---- C:\ProgramData\Package Cache
2014-11-22 21:54:17 ----A---- C:\Windows\system32\aswBoot.exe
2014-11-22 21:53:56 ----A---- C:\Windows\avastSS.scr
2014-11-22 21:50:37 ----D---- C:\Users\Denda\AppData\Roaming\DivX
2014-11-22 21:49:51 ----D---- C:\Program Files\Common Files\DivX Shared
2014-11-22 21:49:39 ----A---- C:\Windows\system32\drivers\{40783c1d-7cb3-4f92-a83c-0dbd68a6cc59}Gt.sys
2014-11-22 21:48:19 ----D---- C:\Program Files\DivX
2014-11-22 21:47:30 ----D---- C:\ProgramData\DivX
2014-11-22 21:47:04 ----D---- C:\Program Files\Seznam.cz
2014-11-22 21:46:10 ----D---- C:\Users\Denda\AppData\Roaming\Seznam.cz
2014-11-22 21:44:24 ----D---- C:\Program Files\Microsoft Silverlight
2014-11-21 09:46:30 ----A---- C:\Windows\system32\kerberos.dll
======List of files/folders modified in the last 1 month======
2014-12-15 11:06:21 ----D---- C:\Config.Msi
2014-12-15 11:06:09 ----D---- C:\Users\Denda\AppData\Roaming\Skype
2014-12-15 11:05:50 ----SHD---- C:\Windows\Installer
2014-12-15 11:05:49 ----D---- C:\Program Files\trend micro
2014-12-15 11:04:43 ----D---- C:\Windows\temp
2014-12-15 11:03:26 ----D---- C:\Windows\System32
2014-12-15 10:47:00 ----D---- C:\Windows\Prefetch
2014-12-13 15:23:19 ----SHD---- C:\System Volume Information
2014-12-13 00:33:42 ----D---- C:\ProgramData\Origin
2014-12-12 19:33:57 ----D---- C:\Program Files\Origin
2014-12-12 18:54:34 ----D---- C:\ProgramData\Skype
2014-12-12 18:54:28 ----RD---- C:\Program Files\Skype
2014-12-11 20:05:56 ----D---- C:\Windows\rescache
2014-12-11 20:02:02 ----D---- C:\Windows\winsxs
2014-12-11 19:51:48 ----D---- C:\Windows\system32\catroot
2014-12-11 19:48:11 ----D---- C:\Windows\system32\migration
2014-12-11 19:48:11 ----D---- C:\Windows\system32\cs-CZ
2014-12-11 19:48:08 ----D---- C:\Program Files\Internet Explorer
2014-12-11 19:30:36 ----D---- C:\Windows\system32\catroot2
2014-12-11 19:27:34 ----D---- C:\Windows\system32\MRT
2014-12-11 19:13:45 ----A---- C:\Windows\system32\mrt.exe
2014-12-10 19:05:47 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 16:43:49 ----D---- C:\Windows
2014-12-09 16:42:32 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-12-08 20:51:47 ----D---- C:\Program Files
2014-12-08 20:35:49 ----D---- C:\Windows\system32\drivers
2014-12-07 22:29:49 ----D---- C:\Program Files\Common Files\Apple
2014-12-07 22:29:48 ----D---- C:\ProgramData
2014-12-07 22:29:32 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-07 22:26:20 ----D---- C:\Windows\inf
2014-12-03 10:17:57 ----D---- C:\Windows\system32\Tasks
2014-12-01 13:54:42 ----D---- C:\ProgramData\Electronic Arts
2014-12-01 12:32:06 ----D---- C:\Program Files\Common Files
2014-12-01 12:17:01 ----D---- C:\Windows\Tasks
2014-11-29 09:49:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-24 14:04:58 ----N---- C:\Windows\system32\MpSigStub.exe
2014-11-22 21:49:39 ----A---- C:\Windows\win.ini
2014-11-22 21:45:15 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-11-22 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-11-22 206248]
R1 {40783c1d-7cb3-4f92-a83c-0dbd68a6cc59}Gt;{40783c1d-7cb3-4f92-a83c-0dbd68a6cc59}Gt; C:\Windows\system32\drivers\{40783c1d-7cb3-4f92-a83c-0dbd68a6cc59}Gt.sys [2014-11-22 55880]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2014-11-22 55240]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-22 787800]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-11-22 423784]
R1 aswTdi;aswTdi; C:\Windows\system32\drivers\aswTdi.sys [2014-11-22 57928]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-11-22 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-11-22 70384]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-30 4450816]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2009-09-11 1440384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2014-02-02 2937432]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2009-04-28 461824]
R3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-07-12 73344]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
R3 ZY272NV32;ZyXEL 802.11n NWD272N Driver(vista); C:\Windows\system32\DRIVERS\WLANUHN.sys [2010-01-25 475136]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2011-10-27 78136]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-30 4450816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [2010-04-27 100224]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2011-10-27 181432]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2014-08-15 45056]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 35328]
S3 WinUSB;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 ZY271NV32;ZyXEL 802.11n NWD271N Driver(vista); C:\Windows\system32\DRIVERS\WLANUHN.sys [2010-01-25 475136]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-09-30 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-22 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 540968]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-07 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2014-12-01 1900400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: avast reports Threat:Win32:Adware-gen (adw)
Hello,
Where exactly does it report it?
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop

- Save it, ideally to the desktop
- Close all programs
- After launch, the database will be downloaded
- Click Scan and then Clean
- The fix will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

- If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (or "Spustit jako správce")
- Paste the script below into the window
autoclean; resethosts; emptyclsid; IEdefaults; FFdefaults; CHRdefaults; emptyIEcache; emptyFFcache; emptyCHRcache; emptyalltemp; emptyflash; emptyjava; emptyrecycle.bin;
- Then click Run Script
- The PC will perform the fix, restart, and give you a log; paste its contents here
Re: avast reports Threat:Win32:Adware-gen (adw)
I'm attaching a screenshot showing where it reports it.
Re: avast reports Threat:Win32:Adware-gen (adw)
There is no code for the first program, Avenger. So I shouldn't paste anything there?
Re: avast reports Threat:Win32:Adware-gen (adw)
My mistake, it should be AdwCleaner; I was off by one line.
I have corrected the instructions.


Re: avast reports Threat:Win32:Adware-gen (adw)
Avast blocked Zoek for me. I assume it's just a scare, but is it OK even so?

Re: avast reports Threat:Win32:Adware-gen (adw)
AdwCleaner log
# AdwCleaner v4.105 - Report created 15/12/2014 at 14:45:19
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Denda - DENDA-PC
# Running from : C:\Users\Denda\Desktop\adwcleaner_4.105.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : {40783c1d-7cb3-4f92-a83c-0dbd68a6cc59}Gt
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\Program Files\PC Drivers HeadQuarters
Folder Deleted : C:\Users\Denda\AppData\Local\Temp\Dolphin Deals
Folder Deleted : C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File Deleted : C:\Windows\system32\drivers\{40783c1d-7cb3-4f92-a83c-0dbd68a6cc59}Gt.sys
File Deleted : C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : AmiUpdXp
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v34.0 (x86 cs)
*************************
AdwCleaner[R4].txt - [1946 octets] - [15/12/2014 14:40:47]
AdwCleaner[S1].txt - [1901 octets] - [15/12/2014 14:45:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1961 octets] ##########
Re: avast reports Threat:Win32:Adware-gen (adw)
Continue with Zoek; you will probably need to disable Avast before downloading it.
Re: avast reports Threat:Win32:Adware-gen (adw)
So I downloaded Zoek, but I had to disable Avast. Something is still wrong, though.

Re: avast reports Threat:Win32:Adware-gen (adw)
Avast removed Zoek as soon as I turned it back on... so I disabled it again and tried downloading Zoek again, and it keeps doing that.
Re: avast reports Threat:Win32:Adware-gen (adw)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by Denda (administrator) on DENDA-PC on 15-12-2014 15:32:27
Running from C:\Users\Denda\Desktop
Loaded Profile: Denda (Available profiles: Denda & Niky)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMWDSrv.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\StartAutorun.exe
() C:\Windows\mHotkey.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CHICONY) C:\Windows\OSDShow.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMCONFIG.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMProcess.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\WinTV\HCWCITray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Chicony) C:\Windows\ModPS2Key.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Denda\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [KMCONFIG] => C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-09-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CHotkey] => C:\Windows\mHotkey.exe [550912 2007-01-15] ()
HKLM\...\Run: [ShowOSD] => C:\Windows\OSDShow.exe [28672 2007-01-15] (CHICONY)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Denda\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Denda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\RunOnce: [Adobe Speed Launcher] => 1418651374
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Users\Denda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Denda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinTV-CI CAM Menu.lnk
ShortcutTarget: WinTV-CI CAM Menu.lnk -> C:\Program Files\WinTV\HCWCITray.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-4059563009-2977995597-3497063016-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4059563009-2977995597-3497063016-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-27]
FF Extension: DownloadHelper - C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-15]
FF Extension: Quick Translator - C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-02-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-04]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [1821184 2009-08-31] (UASSOFT.COM) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-22] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181432 2011-10-27] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-04-27] (MCCI Corporation)
S3 ZY271NV32; C:\Windows\System32\DRIVERS\WLANUHN.sys [475136 2010-01-25] (Atheros Communications, Inc.)
R3 ZY272NV32; C:\Windows\System32\DRIVERS\WLANUHN.sys [475136 2010-01-25] (Atheros Communications, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 15:32 - 2014-12-15 15:32 - 00018118 _____ () C:\Users\Denda\Desktop\FRST.txt
2014-12-15 15:31 - 2014-12-15 15:32 - 00000000 ____D () C:\FRST
2014-12-15 15:30 - 2014-12-15 15:30 - 01111040 _____ (Farbar) C:\Users\Denda\Desktop\FRST.exe
2014-12-15 15:30 - 2014-12-15 15:30 - 00112640 _____ (forum.viry.cz) C:\Users\Denda\Desktop\FRSTLauncher.exe
2014-12-15 15:16 - 2014-12-15 15:16 - 01295360 _____ () C:\Users\Denda\Desktop\zoek.exe
2014-12-15 15:11 - 2014-12-15 15:16 - 00000002 _____ () C:\runcheck.txt
2014-12-15 15:11 - 2014-12-15 15:11 - 00000000 ____D () C:\zoek_backup
2014-12-15 14:40 - 2014-12-15 14:45 - 00000000 ____D () C:\AdwCleaner
2014-12-15 14:38 - 2014-12-15 14:38 - 02166272 _____ () C:\Users\Denda\Desktop\adwcleaner_4.105.exe
2014-12-13 10:45 - 2014-12-13 10:56 - 832054454 _____ () C:\Users\Niky\Desktop\Hunger Games -Vrazedna pomsta (2013) CZ Dabing.avi
2014-12-11 19:29 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 19:27 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 19:04 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 16:43 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 16:43 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 16:43 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 16:43 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 16:43 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 16:43 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 16:43 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 16:43 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 16:43 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 16:43 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 16:43 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-07 22:33 - 2014-12-07 22:33 - 00001686 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-07 22:33 - 2014-12-07 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-07 22:33 - 2014-12-07 22:33 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-07 22:30 - 2014-12-07 22:30 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-07 22:30 - 2014-12-07 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-07 22:29 - 2014-12-07 22:30 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-07 22:29 - 2014-12-07 22:30 - 00000000 ____D () C:\Program Files\iTunes
2014-12-07 22:29 - 2014-12-07 22:29 - 00000000 ____D () C:\Program Files\iPod
2014-12-07 18:36 - 2014-12-07 18:36 - 00009193 _____ () C:\Users\Niky\.recently-used.xbel
2014-12-07 18:18 - 2014-12-07 18:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-07 17:30 - 2014-12-07 19:30 - 00000000 ____D () C:\Users\Niky\Desktop\Nová složka
2014-12-01 12:32 - 2014-12-01 12:32 - 00000730 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-12-01 12:32 - 2014-12-01 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-12-01 10:49 - 2014-12-01 10:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-23 13:14 - 2014-12-15 10:52 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\Seznam.cz
2014-11-22 21:57 - 2014-11-22 21:57 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\DivX
2014-11-22 21:54 - 2014-11-22 21:54 - 00001831 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-22 21:54 - 2014-11-22 21:53 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 21:53 - 2014-11-22 21:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 21:50 - 2014-11-22 21:50 - 00000000 ____D () C:\Users\Denda\AppData\Roaming\DivX
2014-11-22 21:49 - 2014-11-22 22:04 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-11-22 21:48 - 2014-11-22 22:04 - 00000000 ____D () C:\Program Files\DivX
2014-11-22 21:47 - 2014-11-22 22:04 - 00000000 ____D () C:\ProgramData\DivX
2014-11-22 21:47 - 2014-11-22 21:47 - 00000000 ____D () C:\Users\Denda\AppData\Local\26436
2014-11-22 21:47 - 2014-11-22 21:47 - 00000000 ____D () C:\Program Files\Seznam.cz
2014-11-22 21:46 - 2014-12-15 14:53 - 00000000 ____D () C:\Users\Denda\AppData\Roaming\Seznam.cz
2014-11-22 21:45 - 2014-11-22 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-22 21:44 - 2014-11-22 21:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-21 09:46 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-15 19:50 - 2014-11-15 19:50 - 00261434 _____ () C:\Users\Niky\Downloads\B071.tmp
2014-11-15 19:39 - 2014-11-15 19:39 - 01012495 _____ () C:\Users\Niky\Downloads\E7E8.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 15:19 - 2014-05-06 15:01 - 00000000 ____D () C:\Users\Denda\Desktop\Nová složka (2)
2014-12-15 15:07 - 2012-02-18 18:07 - 00000000 ____D () C:\Users\Denda\AppData\Roaming\Skype
2014-12-15 15:05 - 2013-11-29 17:30 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 14:52 - 2010-11-12 12:30 - 01124503 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 14:46 - 2014-05-25 20:44 - 00047034 _____ () C:\Windows\PFRO.log
2014-12-15 14:46 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 14:46 - 2006-11-02 13:47 - 00003952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 14:46 - 2006-11-02 13:47 - 00003952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 14:45 - 2010-02-22 10:34 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-15 14:45 - 2006-11-02 14:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-15 11:07 - 2013-11-19 17:06 - 00000000 ____D () C:\rsit
2014-12-15 11:06 - 2012-09-09 13:08 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-15 11:05 - 2010-10-04 22:30 - 00000000 ____D () C:\Program Files\trend micro
2014-12-15 10:51 - 2012-02-18 13:50 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\Skype
2014-12-14 22:28 - 2010-02-20 10:10 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\vlc
2014-12-13 21:04 - 2013-11-14 19:16 - 00000000 ____D () C:\Users\Niky\AppData\Local\CrashDumps
2014-12-13 11:22 - 2010-02-20 10:08 - 00198656 _____ () C:\Users\Niky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-13 00:33 - 2010-12-25 15:12 - 00000000 ____D () C:\ProgramData\Origin
2014-12-12 19:33 - 2011-11-28 12:29 - 00000000 ____D () C:\Program Files\Origin
2014-12-12 18:54 - 2014-10-05 13:51 - 00000000 ___RD () C:\Program Files\Skype
2014-12-12 18:54 - 2012-02-18 13:49 - 00000000 ____D () C:\ProgramData\Skype
2014-12-11 20:05 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-11 19:27 - 2013-07-17 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:13 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 19:05 - 2012-04-16 10:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 19:05 - 2011-06-09 15:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:41 - 2013-11-21 15:53 - 00000000 ____D () C:\Users\Niky\AppData\Local\Apple Computer
2014-12-09 16:42 - 2012-10-05 20:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-07 22:29 - 2014-07-10 10:26 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-07 22:29 - 2013-11-21 15:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-07 22:26 - 2010-02-19 13:30 - 00000000 ____D () C:\Users\Denda
2014-12-07 18:36 - 2012-04-01 15:19 - 00000000 ____D () C:\Users\Niky\.gimp-2.6
2014-12-07 18:36 - 2010-02-19 13:42 - 00000000 ____D () C:\Users\Niky
2014-12-07 18:35 - 2012-04-01 15:24 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\gtk-2.0
2014-12-01 13:54 - 2010-12-25 15:09 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-01 12:06 - 2014-01-22 18:20 - 00000000 ____D () C:\Users\Niky\Desktop\gimp
2014-12-01 09:57 - 2014-10-02 20:43 - 00000000 ____D () C:\Users\Niky\Desktop\sgs2
2014-12-01 09:02 - 2011-11-28 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-29 09:49 - 2006-11-02 11:33 - 01541274 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 14:04 - 2010-02-19 18:36 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 21:54 - 2014-04-30 17:04 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 21:49 - 2006-11-02 11:23 - 00000653 _____ () C:\Windows\win.ini
2014-11-21 09:44 - 2014-07-09 08:46 - 00002381 _____ () C:\Windows\setupact.log
2014-11-17 16:24 - 2014-08-29 14:52 - 00000000 _____ () C:\Users\Niky\Desktop\▶ Timeflies - All The Way (Lyric Video) - YouTube.mp4
Some content of TEMP:
====================
C:\Users\Denda\AppData\Local\temp\7za.exe
C:\Users\Denda\AppData\Local\temp\hijackthis.exe
C:\Users\Denda\AppData\Local\temp\NirCmd.exe
C:\Users\Denda\AppData\Local\temp\PEVZ.EXE
C:\Users\Denda\AppData\Local\temp\Quarantine.exe
C:\Users\Denda\AppData\Local\temp\remove.exe
C:\Users\Denda\AppData\Local\temp\sed.exe
C:\Users\Denda\AppData\Local\temp\shortcut.exe
C:\Users\Denda\AppData\Local\temp\sqlite3.dll
C:\Users\Denda\AppData\Local\temp\swreg.exe
C:\Users\Denda\AppData\Local\temp\swxcacls.exe
C:\Users\Denda\AppData\Local\temp\wget.exe
C:\Users\Denda\AppData\Local\temp\zoek-delete.exe
C:\Users\Niky\AppData\Local\temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Niky\Desktop\▶ Timeflies - All The Way (Lyric Video) - YouTube.mp4:TOC.WMV
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Denda\Desktop" je 1263 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Denda (administrator) on DENDA-PC on 15-12-2014 15:32:27
Running from C:\Users\Denda\Desktop
Loaded Profile: Denda (Available profiles: Denda & Niky)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMWDSrv.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\StartAutorun.exe
() C:\Windows\mHotkey.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CHICONY) C:\Windows\OSDShow.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMCONFIG.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMProcess.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\WinTV\HCWCITray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Chicony) C:\Windows\ModPS2Key.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Denda\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [KMCONFIG] => C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-09-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CHotkey] => C:\Windows\mHotkey.exe [550912 2007-01-15] ()
HKLM\...\Run: [ShowOSD] => C:\Windows\OSDShow.exe [28672 2007-01-15] (CHICONY)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Denda\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Denda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\RunOnce: [Adobe Speed Launcher] => 1418651374
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Users\Denda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Denda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinTV-CI CAM Menu.lnk
ShortcutTarget: WinTV-CI CAM Menu.lnk -> C:\Program Files\WinTV\HCWCITray.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-4059563009-2977995597-3497063016-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4059563009-2977995597-3497063016-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-27]
FF Extension: DownloadHelper - C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-15]
FF Extension: Quick Translator - C:\Users\Denda\AppData\Roaming\Mozilla\Firefox\Profiles\7z54i36k.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-02-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-04]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [1821184 2009-08-31] (UASSOFT.COM) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-22] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181432 2011-10-27] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-04-27] (MCCI Corporation)
S3 ZY271NV32; C:\Windows\System32\DRIVERS\WLANUHN.sys [475136 2010-01-25] (Atheros Communications, Inc.)
R3 ZY272NV32; C:\Windows\System32\DRIVERS\WLANUHN.sys [475136 2010-01-25] (Atheros Communications, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 15:32 - 2014-12-15 15:32 - 00018118 _____ () C:\Users\Denda\Desktop\FRST.txt
2014-12-15 15:31 - 2014-12-15 15:32 - 00000000 ____D () C:\FRST
2014-12-15 15:30 - 2014-12-15 15:30 - 01111040 _____ (Farbar) C:\Users\Denda\Desktop\FRST.exe
2014-12-15 15:30 - 2014-12-15 15:30 - 00112640 _____ (forum.viry.cz) C:\Users\Denda\Desktop\FRSTLauncher.exe
2014-12-15 15:16 - 2014-12-15 15:16 - 01295360 _____ () C:\Users\Denda\Desktop\zoek.exe
2014-12-15 15:11 - 2014-12-15 15:16 - 00000002 _____ () C:\runcheck.txt
2014-12-15 15:11 - 2014-12-15 15:11 - 00000000 ____D () C:\zoek_backup
2014-12-15 14:40 - 2014-12-15 14:45 - 00000000 ____D () C:\AdwCleaner
2014-12-15 14:38 - 2014-12-15 14:38 - 02166272 _____ () C:\Users\Denda\Desktop\adwcleaner_4.105.exe
2014-12-13 10:45 - 2014-12-13 10:56 - 832054454 _____ () C:\Users\Niky\Desktop\Hunger Games -Vrazedna pomsta (2013) CZ Dabing.avi
2014-12-11 19:29 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 19:27 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 19:04 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 16:43 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 16:43 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 16:43 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 16:43 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 16:43 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 16:43 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 16:43 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 16:43 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 16:43 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 16:43 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 16:43 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 16:43 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 16:43 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-07 22:33 - 2014-12-07 22:33 - 00001686 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-07 22:33 - 2014-12-07 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-07 22:33 - 2014-12-07 22:33 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-07 22:30 - 2014-12-07 22:30 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-07 22:30 - 2014-12-07 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-07 22:29 - 2014-12-07 22:30 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-07 22:29 - 2014-12-07 22:30 - 00000000 ____D () C:\Program Files\iTunes
2014-12-07 22:29 - 2014-12-07 22:29 - 00000000 ____D () C:\Program Files\iPod
2014-12-07 18:36 - 2014-12-07 18:36 - 00009193 _____ () C:\Users\Niky\.recently-used.xbel
2014-12-07 18:18 - 2014-12-07 18:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-07 17:30 - 2014-12-07 19:30 - 00000000 ____D () C:\Users\Niky\Desktop\Nová složka
2014-12-01 12:32 - 2014-12-01 12:32 - 00000730 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-12-01 12:32 - 2014-12-01 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-12-01 10:49 - 2014-12-01 10:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-23 13:14 - 2014-12-15 10:52 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\Seznam.cz
2014-11-22 21:57 - 2014-11-22 21:57 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\DivX
2014-11-22 21:54 - 2014-11-22 21:54 - 00001831 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-22 21:54 - 2014-11-22 21:53 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 21:53 - 2014-11-22 21:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 21:50 - 2014-11-22 21:50 - 00000000 ____D () C:\Users\Denda\AppData\Roaming\DivX
2014-11-22 21:49 - 2014-11-22 22:04 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-11-22 21:48 - 2014-11-22 22:04 - 00000000 ____D () C:\Program Files\DivX
2014-11-22 21:47 - 2014-11-22 22:04 - 00000000 ____D () C:\ProgramData\DivX
2014-11-22 21:47 - 2014-11-22 21:47 - 00000000 ____D () C:\Users\Denda\AppData\Local\26436
2014-11-22 21:47 - 2014-11-22 21:47 - 00000000 ____D () C:\Program Files\Seznam.cz
2014-11-22 21:46 - 2014-12-15 14:53 - 00000000 ____D () C:\Users\Denda\AppData\Roaming\Seznam.cz
2014-11-22 21:45 - 2014-11-22 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-22 21:44 - 2014-11-22 21:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-21 09:46 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-15 19:50 - 2014-11-15 19:50 - 00261434 _____ () C:\Users\Niky\Downloads\B071.tmp
2014-11-15 19:39 - 2014-11-15 19:39 - 01012495 _____ () C:\Users\Niky\Downloads\E7E8.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 15:19 - 2014-05-06 15:01 - 00000000 ____D () C:\Users\Denda\Desktop\Nová složka (2)
2014-12-15 15:07 - 2012-02-18 18:07 - 00000000 ____D () C:\Users\Denda\AppData\Roaming\Skype
2014-12-15 15:05 - 2013-11-29 17:30 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 14:52 - 2010-11-12 12:30 - 01124503 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 14:46 - 2014-05-25 20:44 - 00047034 _____ () C:\Windows\PFRO.log
2014-12-15 14:46 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 14:46 - 2006-11-02 13:47 - 00003952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 14:46 - 2006-11-02 13:47 - 00003952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 14:45 - 2010-02-22 10:34 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-15 14:45 - 2006-11-02 14:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-15 11:07 - 2013-11-19 17:06 - 00000000 ____D () C:\rsit
2014-12-15 11:06 - 2012-09-09 13:08 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-15 11:05 - 2010-10-04 22:30 - 00000000 ____D () C:\Program Files\trend micro
2014-12-15 10:51 - 2012-02-18 13:50 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\Skype
2014-12-14 22:28 - 2010-02-20 10:10 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\vlc
2014-12-13 21:04 - 2013-11-14 19:16 - 00000000 ____D () C:\Users\Niky\AppData\Local\CrashDumps
2014-12-13 11:22 - 2010-02-20 10:08 - 00198656 _____ () C:\Users\Niky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-13 00:33 - 2010-12-25 15:12 - 00000000 ____D () C:\ProgramData\Origin
2014-12-12 19:33 - 2011-11-28 12:29 - 00000000 ____D () C:\Program Files\Origin
2014-12-12 18:54 - 2014-10-05 13:51 - 00000000 ___RD () C:\Program Files\Skype
2014-12-12 18:54 - 2012-02-18 13:49 - 00000000 ____D () C:\ProgramData\Skype
2014-12-11 20:05 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-11 19:27 - 2013-07-17 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:13 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 19:05 - 2012-04-16 10:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 19:05 - 2011-06-09 15:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:41 - 2013-11-21 15:53 - 00000000 ____D () C:\Users\Niky\AppData\Local\Apple Computer
2014-12-09 16:42 - 2012-10-05 20:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-07 22:29 - 2014-07-10 10:26 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-07 22:29 - 2013-11-21 15:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-07 22:26 - 2010-02-19 13:30 - 00000000 ____D () C:\Users\Denda
2014-12-07 18:36 - 2012-04-01 15:19 - 00000000 ____D () C:\Users\Niky\.gimp-2.6
2014-12-07 18:36 - 2010-02-19 13:42 - 00000000 ____D () C:\Users\Niky
2014-12-07 18:35 - 2012-04-01 15:24 - 00000000 ____D () C:\Users\Niky\AppData\Roaming\gtk-2.0
2014-12-01 13:54 - 2010-12-25 15:09 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-01 12:06 - 2014-01-22 18:20 - 00000000 ____D () C:\Users\Niky\Desktop\gimp
2014-12-01 09:57 - 2014-10-02 20:43 - 00000000 ____D () C:\Users\Niky\Desktop\sgs2
2014-12-01 09:02 - 2011-11-28 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-29 09:49 - 2006-11-02 11:33 - 01541274 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 14:04 - 2010-02-19 18:36 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 21:54 - 2014-04-30 17:04 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-11-22 21:54 - 2014-04-04 18:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 21:49 - 2006-11-02 11:23 - 00000653 _____ () C:\Windows\win.ini
2014-11-21 09:44 - 2014-07-09 08:46 - 00002381 _____ () C:\Windows\setupact.log
2014-11-17 16:24 - 2014-08-29 14:52 - 00000000 _____ () C:\Users\Niky\Desktop\▶ Timeflies - All The Way (Lyric Video) - YouTube.mp4
Some content of TEMP:
====================
C:\Users\Denda\AppData\Local\temp\7za.exe
C:\Users\Denda\AppData\Local\temp\hijackthis.exe
C:\Users\Denda\AppData\Local\temp\NirCmd.exe
C:\Users\Denda\AppData\Local\temp\PEVZ.EXE
C:\Users\Denda\AppData\Local\temp\Quarantine.exe
C:\Users\Denda\AppData\Local\temp\remove.exe
C:\Users\Denda\AppData\Local\temp\sed.exe
C:\Users\Denda\AppData\Local\temp\shortcut.exe
C:\Users\Denda\AppData\Local\temp\sqlite3.dll
C:\Users\Denda\AppData\Local\temp\swreg.exe
C:\Users\Denda\AppData\Local\temp\swxcacls.exe
C:\Users\Denda\AppData\Local\temp\wget.exe
C:\Users\Denda\AppData\Local\temp\zoek-delete.exe
C:\Users\Niky\AppData\Local\temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Niky\Desktop\▶ Timeflies - All The Way (Lyric Video) - YouTube.mp4:TOC.WMV
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Denda\Desktop" je 1263 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: avast reports Hrozba:Win32:Adware-gen (adw)

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
CloseProcesses:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Denda\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Denda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\RunOnce: [Adobe Speed Launcher] => 1418651374
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-4059563009-2977995597-3497063016-1001\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-12-15 15:32 - 2014-12-15 15:32 - 00018118 _____ () C:\Users\Denda\Desktop\FRST.txt
2014-12-15 15:30 - 2014-12-15 15:30 - 00112640 _____ (forum.viry.cz) C:\Users\Denda\Desktop\FRSTLauncher.exe
2014-12-15 15:16 - 2014-12-15 15:16 - 01295360 _____ () C:\Users\Denda\Desktop\zoek.exe
2014-12-15 15:11 - 2014-12-15 15:16 - 00000002 _____ () C:\runcheck.txt
2014-12-15 15:11 - 2014-12-15 15:11 - 00000000 ____D () C:\zoek_backup
2014-12-15 14:40 - 2014-12-15 14:45 - 00000000 ____D () C:\AdwCleaner
2014-12-15 14:38 - 2014-12-15 14:38 - 02166272 _____ () C:\Users\Denda\Desktop\adwcleaner_4.105.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Hosts:
EmptyTemp:
Reboot:
End
- Save the resulting TXT file as fixlist.txt
- Move the created fixlist next to FRST

- Click Fix
- The fix will run and create the log Fixlog.txt

Re: avast reports Hrozba:Win32:Adware-gen (adw)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-12-2014 01
Ran by Denda at 2014-12-15 16:03:32 Run:1
Running from C:\Users\Denda\Desktop
Loaded Profile: Denda (Available profiles: Denda & Niky)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Denda\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Denda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\RunOnce: [Adobe Speed Launcher] => 1418651374
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-4059563009-2977995597-3497063016-1001\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-12-15 15:32 - 2014-12-15 15:32 - 00018118 _____ () C:\Users\Denda\Desktop\FRST.txt
2014-12-15 15:30 - 2014-12-15 15:30 - 00112640 _____ (forum.viry.cz) C:\Users\Denda\Desktop\FRSTLauncher.exe
2014-12-15 15:16 - 2014-12-15 15:16 - 01295360 _____ () C:\Users\Denda\Desktop\zoek.exe
2014-12-15 15:11 - 2014-12-15 15:16 - 00000002 _____ () C:\runcheck.txt
2014-12-15 15:11 - 2014-12-15 15:11 - 00000000 ____D () C:\zoek_backup
2014-12-15 14:40 - 2014-12-15 14:45 - 00000000 ____D () C:\AdwCleaner
2014-12-15 14:38 - 2014-12-15 14:38 - 02166272 _____ () C:\Users\Denda\Desktop\adwcleaner_4.105.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value deleted successfully.
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value deleted successfully.
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4059563009-2977995597-3497063016-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4059563009-2977995597-3497063016-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value deleted successfully.
"HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => Key not found.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\Denda\Desktop\FRST.txt => Moved successfully.
C:\Users\Denda\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Denda\Desktop\zoek.exe => Moved successfully.
C:\runcheck.txt => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Denda\Desktop\adwcleaner_4.105.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 684.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====