Please check my log, PČR virus

jarek89
Visitor
Posts: 23
Registered: 24 Jan 2011 06:18

#1 Post by jarek89 »

Hi, a friend of mine just got the latest version of this virus on his laptop, the one that blocks Safe Mode. I made the log following the guide posted here, so please check it and tell me how to get rid of it without reinstalling the system. Thanks


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by JB (administrator) on 02-08-2013 16:23:27
Running from J:\
Windows 7 Home Premium (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-28] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKLM-x32\...\Winlogon: [Shell] explorer.exe shell.exe [x ] () <=== ATTENTION
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKCU\...\Run: [Google Update] - C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-29] (Google Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [1022352 2012-09-02] (BitTorrent, Inc.)
HKCU\...\Run: [StudentDOG] - C:\Program Files (x86)\Programs\Student DOG\StudentDOG.exe [2102272 2011-01-02] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [BlazeServoTool] - "C:\Program Files (x86)\BlazeVideo\BlazeVideo HDTV Player 6.6 Professional\MediaDetector.exe" [x]
HKCU\...\Run: [Facebook Update] - C:\Users\JB\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\TEMP\E_S1F73.tmp [126 2012-05-31] ()
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\JB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-12-28] (Gemalto N.V.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [Tiiait] - C:\Users\JB\AppData\Roaming\Tiiait.exe [x]
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\JB\AppData\Roaming\cache.dat [90624 2011-11-17] () <==== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {2835cad8-d754-11e1-b8e5-70f39567e6b4} - I:\autorun.exe
MountPoints2: {37fffdac-cf20-11e1-a652-70f39567e6b4} - G:\CDCheck.exe
MountPoints2: {37fffdb4-cf20-11e1-a652-70f39567e6b4} - H:\CDCheck.exe
MountPoints2: {61b60b3c-9e09-11e1-9d5e-70f39539fccc} - G:\Startme.exe
MountPoints2: {6e7a5b16-f35c-11e0-a1b6-99211a016dba} - F:\setup\rsrc\Autorun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ConduitHelper] - C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe [274216 2011-08-31] (Conduit Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [249856 2010-09-08] ()
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://qip.ru
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
URLSearchHook: (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {19882090-72DA-4D5F-8AC6-7E7BE5FF1C09} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL =
SearchScopes: HKLM-x32 - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2786678
SearchScopes: HKCU - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKCU - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2786678
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-08-17] (EasyBits Software Corp.)
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
ShellExecuteHooks-x32: - {DAE0285D-0788-4E87-985E-01DF2EDE4ACD} - C:\Windows\SysWow64\Wshxt.dll [53248 2012-07-16] ()

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JB\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JB\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\JB\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\JB\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\JB\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Collorfull Parking lot) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihiejogcgadaaodnnebjbmflfopemlg\1_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Gmail) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\JB\AppData\Local\Temp\crxE2D1.tmp
CHR StartMenuInternet: Google Chrome - C:\Users\JB\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [79872 2010-09-07] ()
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-05] ()
S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2012-12-05] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-28] (ALWIL Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-06-28] (ALWIL Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [432720 2010-06-28] (ALWIL Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-28] (ALWIL Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-28] (ALWIL Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-10-11] (DT Soft Ltd)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164864 2012-07-10] (ITE )
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [42896 2010-06-08] (Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-02 16:23 - 2013-08-02 16:23 - 00000000 ____D C:\FRST
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Downloads\aswclear.exe
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Desktop\aswclear.exe
2013-07-31 16:44 - 2013-07-31 18:01 - 00000004 _____ C:\Users\JB\AppData\Roaming\cache.ini
2013-07-31 16:39 - 2013-07-31 16:31 - 00090624 _____ C:\Users\JB\Desktop\video_hd.exe
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd.zip
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd (1).zip
2013-07-31 13:14 - 2013-07-31 13:14 - 00000000 _____ C:\Users\JB\Desktop\stažený soubor.htm
2013-07-29 19:23 - 2013-07-29 19:26 - 26419203 _____ C:\Users\JB\Desktop\Hudební dno.wmv
2013-07-29 09:49 - 2013-07-29 09:49 - 00001976 _____ C:\Users\JB\Downloads\Provozní na ubytovně Ostrava www.avizo.cz.url
2013-07-29 09:48 - 2013-07-29 09:48 - 00014093 _____ C:\Users\JB\Downloads\visa[1].html
2013-07-28 18:20 - 2013-07-28 19:39 - 733585196 _____ C:\Users\JB\Desktop\Milionář-z-chatrče-CZ.avi
2013-07-28 17:47 - 2013-07-28 17:47 - 00000000 ____D C:\Users\JB\Desktop\F
2013-07-28 10:27 - 2013-07-28 10:27 - 00000031 _____ C:\Users\JB\Downloads\ostrava.mp3.m3u
2013-07-25 21:06 - 2013-07-25 21:06 - 00000000 ____D C:\Users\JB\Desktop\Big Bang theory CZ
2013-07-25 21:04 - 2013-07-25 21:04 - 00064193 _____ C:\Users\JB\Desktop\[CzT]Teorie_velkeho_tresku_Big_Bang_theory_1_5_serie_CZ_TVRip_.torrent
2013-07-25 19:57 - 2013-07-25 20:38 - 736137216 _____ C:\Users\JB\Desktop\Percy-Jackson-Zlodej-blesku-(Percy-Jackson-&-the-Olympians-The-Lightning-Thief).avi
2013-07-25 06:17 - 2013-07-25 06:17 - 00000000 ____D C:\Windows\system32\MRT
2013-07-14 19:25 - 2013-07-16 19:24 - 00000000 ____D C:\Users\JB\Documents\Prototype
2013-07-14 19:23 - 2013-07-14 19:23 - 00001612 _____ C:\Users\JB\Desktop\prototype.lnk
2013-07-14 19:11 - 2013-07-14 19:19 - 00000000 ____D C:\Root
2013-07-14 18:32 - 2009-06-09 21:06 - 3674800128 _____ C:\Users\JB\Desktop\rzr-prot.iso
2013-07-13 19:31 - 2013-07-13 19:31 - 00002368 _____ C:\Users\JB\Downloads\Pomocný dělník ve výrobě - Volné pracovní místo OSTRAVA.url
2013-07-13 08:57 - 2009-09-16 22:29 - 29161790 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\JB\Desktop\nemcina-demo.exe
2013-07-13 08:56 - 2013-07-13 08:56 - 29108498 _____ C:\Users\JB\Downloads\nedemo.zip
2013-07-11 10:53 - 2013-07-11 10:53 - 00071438 _____ C:\Users\JB\Downloads\[CzT]Harry-Potter-Komplet-CZ-by-James.torrent
2013-07-11 09:48 - 2013-07-11 10:40 - 935385786 _____ C:\Users\JB\Desktop\Zálesák---Forest-Warrior---Chuck-Norris--Rodinný-Dobrodružný-Komedie-Akční-USA,-1996,-budul-93-min-cz.avi
2013-07-11 09:17 - 2013-07-12 10:06 - 00000000 ____D C:\Users\JB\Downloads\constantine
2013-07-11 09:16 - 2013-07-11 09:16 - 00019480 _____ C:\Users\JB\Downloads\[CzT]Constantine_Constantine_2005_.torrent
2013-07-11 09:15 - 2013-07-11 09:15 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ (1).torrent
2013-07-10 18:29 - 2013-07-10 18:29 - 00013002 _____ C:\Users\JB\Downloads\[CzT]Hobit_Neocekavana_cesta_The_Hobbit_An_Unexpected_Journey_2012_CZ_.torrent
2013-07-09 17:21 - 2013-07-09 17:21 - 00001117 _____ C:\Users\JB\Downloads\Soustružník Ostrava-Kunčice Dobrá práce.cz (3).url
2013-07-08 20:56 - 2013-07-08 20:59 - 00000000 ____D C:\Users\JB\Desktop\Constantine
2013-07-08 20:50 - 2013-07-08 20:50 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ.torrent
2013-07-08 20:03 - 2013-07-08 19:27 - 03090483 _____ C:\Users\JB\Desktop\VID_20130708_192635.3gp
2013-07-08 13:35 - 2013-07-08 13:35 - 00001418 _____ C:\Users\JB\Downloads\vazač-ka, FRYMEL TRADE s.r.o. - Ostrava.url
2013-07-08 13:32 - 2013-07-08 13:33 - 00002239 _____ C:\Users\JB\Downloads\strážný-á - recepční, AVES Servisní a.s. - Ostrava.url
2013-07-08 07:30 - 2013-07-08 07:30 - 00001813 _____ C:\Users\JB\Desktop\993897_10201776920172561_133108716_n.jpg – zástupce.lnk
2013-07-06 17:50 - 2013-07-06 17:50 - 00000000 ____D C:\Users\JB\Desktop\Fretka
2013-07-04 12:32 - 2013-07-16 09:22 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJB
2013-07-04 12:32 - 2013-07-16 09:22 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForJB.job

==================== One Month Modified Files and Folders =======

2013-08-02 16:18 - 2010-08-18 03:02 - 05977784 _____ C:\Windows\system32\perfh005.dat
2013-08-02 16:18 - 2010-08-18 03:02 - 01985862 _____ C:\Windows\system32\perfc005.dat
2013-08-02 16:18 - 2009-07-14 07:13 - 00005596 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-01 07:22 - 2011-10-12 04:00 - 00000000 ____D C:\ProgramData\Recovery
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Downloads\aswclear.exe
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Desktop\aswclear.exe
2013-07-31 18:25 - 2010-08-19 01:44 - 02042314 _____ C:\Windows\WindowsUpdate.log
2013-07-31 18:03 - 2011-08-29 12:33 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
2013-07-31 18:01 - 2013-07-31 16:44 - 00000004 _____ C:\Users\JB\AppData\Roaming\cache.ini
2013-07-31 17:43 - 2011-09-05 14:38 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003UA.job
2013-07-31 17:40 - 2011-08-30 09:35 - 00000000 ____D C:\Users\JB\AppData\Roaming\Skype
2013-07-31 17:37 - 2013-03-03 17:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 16:45 - 2012-03-14 12:58 - 00000970 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd.zip
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd (1).zip
2013-07-31 16:31 - 2013-07-31 16:39 - 00090624 _____ C:\Users\JB\Desktop\video_hd.exe
2013-07-31 14:43 - 2011-09-05 14:38 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003Core.job
2013-07-31 13:14 - 2013-07-31 13:14 - 00000000 _____ C:\Users\JB\Desktop\stažený soubor.htm
2013-07-30 22:03 - 2011-08-29 12:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
2013-07-30 19:45 - 2012-03-14 12:58 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
2013-07-30 09:22 - 2011-11-08 10:55 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-30 09:22 - 2011-09-13 21:14 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-30 01:07 - 2012-07-16 13:18 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{32C8AE03-4433-4784-9F4A-A70B78AA895A}
2013-07-29 19:26 - 2013-07-29 19:23 - 26419203 _____ C:\Users\JB\Desktop\Hudební dno.wmv
2013-07-29 09:49 - 2013-07-29 09:49 - 00001976 _____ C:\Users\JB\Downloads\Provozní na ubytovně Ostrava www.avizo.cz.url
2013-07-29 09:48 - 2013-07-29 09:48 - 00014093 _____ C:\Users\JB\Downloads\visa[1].html
2013-07-29 07:55 - 2011-09-17 18:20 - 00000000 ____D C:\Users\JB\AppData\Roaming\uTorrent
2013-07-28 22:25 - 2011-09-26 07:59 - 00000000 ___RD C:\Users\JB\Desktop\My Shared Folder
2013-07-28 19:39 - 2013-07-28 18:20 - 733585196 _____ C:\Users\JB\Desktop\Milionář-z-chatrče-CZ.avi
2013-07-28 17:47 - 2013-07-28 17:47 - 00000000 ____D C:\Users\JB\Desktop\F
2013-07-28 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 10:27 - 2013-07-28 10:27 - 00000031 _____ C:\Users\JB\Downloads\ostrava.mp3.m3u
2013-07-25 21:06 - 2013-07-25 21:06 - 00000000 ____D C:\Users\JB\Desktop\Big Bang theory CZ
2013-07-25 21:04 - 2013-07-25 21:04 - 00064193 _____ C:\Users\JB\Desktop\[CzT]Teorie_velkeho_tresku_Big_Bang_theory_1_5_serie_CZ_TVRip_.torrent
2013-07-25 20:38 - 2013-07-25 19:57 - 736137216 _____ C:\Users\JB\Desktop\Percy-Jackson-Zlodej-blesku-(Percy-Jackson-&-the-Olympians-The-Lightning-Thief).avi
2013-07-25 06:21 - 2013-07-25 06:17 - 00000000 ____D C:\Windows\system32\MRT
2013-07-18 18:28 - 2011-09-26 07:59 - 00000000 ____D C:\Users\JB\AppData\Local\Ares
2013-07-18 14:36 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 14:36 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 19:24 - 2013-07-14 19:25 - 00000000 ____D C:\Users\JB\Documents\Prototype
2013-07-16 09:22 - 2013-07-04 12:32 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJB
2013-07-16 09:22 - 2013-07-04 12:32 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForJB.job
2013-07-16 09:22 - 2012-07-16 12:41 - 00003226 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFBI_PROPERTY$
2013-07-16 09:22 - 2012-07-16 12:41 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForFBI_PROPERTY$.job
2013-07-14 19:23 - 2013-07-14 19:23 - 00001612 _____ C:\Users\JB\Desktop\prototype.lnk
2013-07-14 19:20 - 2011-08-29 12:02 - 00429443 _____ C:\Windows\DirectX.log
2013-07-14 19:19 - 2013-07-14 19:11 - 00000000 ____D C:\Root
2013-07-14 19:19 - 2010-08-17 17:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-14 19:11 - 2013-03-03 18:33 - 00000000 ____D C:\Program Files (x86)\Activision
2013-07-13 19:31 - 2013-07-13 19:31 - 00002368 _____ C:\Users\JB\Downloads\Pomocný dělník ve výrobě - Volné pracovní místo OSTRAVA.url
2013-07-13 08:56 - 2013-07-13 08:56 - 29108498 _____ C:\Users\JB\Downloads\nedemo.zip
2013-07-12 21:58 - 2011-08-29 12:33 - 00003914 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA
2013-07-12 21:58 - 2011-08-29 12:33 - 00003518 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core
2013-07-12 14:04 - 2013-06-11 11:07 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-12 14:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-12 14:02 - 2009-07-14 06:51 - 00184316 _____ C:\Windows\setupact.log
2013-07-12 10:06 - 2013-07-11 09:17 - 00000000 ____D C:\Users\JB\Downloads\constantine
2013-07-11 12:33 - 2012-05-13 08:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 12:33 - 2012-05-13 08:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 10:53 - 2013-07-11 10:53 - 00071438 _____ C:\Users\JB\Downloads\[CzT]Harry-Potter-Komplet-CZ-by-James.torrent
2013-07-11 10:40 - 2013-07-11 09:48 - 935385786 _____ C:\Users\JB\Desktop\Zálesák---Forest-Warrior---Chuck-Norris--Rodinný-Dobrodružný-Komedie-Akční-USA,-1996,-budul-93-min-cz.avi
2013-07-11 09:16 - 2013-07-11 09:16 - 00019480 _____ C:\Users\JB\Downloads\[CzT]Constantine_Constantine_2005_.torrent
2013-07-11 09:15 - 2013-07-11 09:15 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ (1).torrent
2013-07-11 07:40 - 2011-08-29 17:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:37 - 2012-12-05 22:09 - 00000000 ____D C:\Users\JB\Desktop\Plocha
2013-07-10 18:29 - 2013-07-10 18:29 - 00013002 _____ C:\Users\JB\Downloads\[CzT]Hobit_Neocekavana_cesta_The_Hobbit_An_Unexpected_Journey_2012_CZ_.torrent
2013-07-09 17:21 - 2013-07-09 17:21 - 00001117 _____ C:\Users\JB\Downloads\Soustružník Ostrava-Kunčice Dobrá práce.cz (3).url
2013-07-08 20:59 - 2013-07-08 20:56 - 00000000 ____D C:\Users\JB\Desktop\Constantine
2013-07-08 20:50 - 2013-07-08 20:50 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ.torrent
2013-07-08 19:27 - 2013-07-08 20:03 - 03090483 _____ C:\Users\JB\Desktop\VID_20130708_192635.3gp
2013-07-08 13:35 - 2013-07-08 13:35 - 00001418 _____ C:\Users\JB\Downloads\vazač-ka, FRYMEL TRADE s.r.o. - Ostrava.url
2013-07-08 13:33 - 2013-07-08 13:32 - 00002239 _____ C:\Users\JB\Downloads\strážný-á - recepční, AVES Servisní a.s. - Ostrava.url
2013-07-08 07:30 - 2013-07-08 07:30 - 00001813 _____ C:\Users\JB\Desktop\993897_10201776920172561_133108716_n.jpg – zástupce.lnk
2013-07-06 17:50 - 2013-07-06 17:50 - 00000000 ____D C:\Users\JB\Desktop\Fretka

Files to move or delete:
====================
C:\Users\JB\AppData\Roaming\cache.dat
C:\Users\JB\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


LastRegBack: 2013-07-03 11:45

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, PČR virus

#2 Post by vyosek »

Zdravim :)

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize
  • Kód: Vybrat vše

    HKLM-x32\...\Winlogon: [Shell] explorer.exe shell.exe [x ] () <=== ATTENTION
    HKCU\...\Run: [Google Update] - C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-29] (Google Inc.)
    HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [1022352 2012-09-02] (BitTorrent, Inc.)
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKCU\...\Run: [BlazeServoTool] - "C:\Program Files (x86)\BlazeVideo\BlazeVideo HDTV Player 6.6 Professional\MediaDetector.exe" [x]
    HKCU\...\Run: [Facebook Update] - C:\Users\JB\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
    HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
    HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\TEMP\E_S1F73.tmp [126 2012-05-31] ()
    HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\JB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-12-28] (Gemalto N.V.)
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
    HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1641896 2013-06-07] (Valve Corporation)
    HKCU\...\Run: [Tiiait] - C:\Users\JB\AppData\Roaming\Tiiait.exe [x]
    HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\JB\AppData\Roaming\cache.dat [90624 2011-11-17] () <==== ATTENTION
    HKCU\...\Policies\system: [DisableLockWorkstation] 0
    HKCU\...\Policies\system: [DisableChangePassword] 0
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [ConduitHelper] - C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe [274216 2011-08-31] (Conduit Ltd.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [249856 2010-09-08] ()
    HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://qip.ru
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    URLSearchHook: (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
    URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {19882090-72DA-4D5F-8AC6-7E7BE5FF1C09} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL =
    SearchScopes: HKLM-x32 - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    SearchScopes: HKCU - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKCU - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
    SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
    CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\JB\AppData\Local\Temp\crxE2D1.tmp
    S2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
    2013-07-31 16:44 - 2013-07-31 18:01 - 00000004 _____ C:\Users\JB\AppData\Roaming\cache.ini
    2013-07-04 12:32 - 2013-07-16 09:22 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJB
    2013-07-04 12:32 - 2013-07-16 09:22 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForJB.job
    2013-07-31 18:03 - 2011-08-29 12:33 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
    2013-07-31 17:43 - 2011-09-05 14:38 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003UA.job
    2013-07-31 16:45 - 2012-03-14 12:58 - 00000970 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
    2013-07-31 14:43 - 2011-09-05 14:38 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003Core.job
    2013-07-30 22:03 - 2011-08-29 12:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
    2013-07-30 19:45 - 2012-03-14 12:58 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
    C:\Program Files (x86)\Guard-ICQ
    C:\Program Files (x86)\DAEMON Tools Toolbar
    C:\Program Files (x86)\uTorrentBar
    C:\Users\JB\AppData\Roaming\cache.dat
    Hosts:
    CMD: shutdown /r
    
  • Save the resulting TXT file as fixlist.txt
  • Move the created log to the flash drive next to FRST
:arrow: Run FRST.exe again on the damaged PC
  • Click Fix
  • The fix will run and a log named Fixlog.txt will be created on the flash drive
:arrow: Try to boot into normal mode
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#3 Post by jarek89 »

Hi, I did it the way you wrote. The notebook no longer crashes in safe mode the way it did, but it still boots into safe mode, and I don't know how to switch it to normal mode.
Last edited by vyosek on 02 Aug 2013 20:19, edited 1 time in total.
Reason: Quoted reply removed, use the Reply button

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, PČR virus

#4 Post by vyosek »

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A window will pop up; copy the text below into it
  • Code:

    msconfig
  • Click OK
:arrow: Check whether your settings look like those in the picture = the Safe boot (Bezpečné spuštění) option must NOT be checked
[Image: safeboot.png, SB settings]
:arrow: Then restart and you will see
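The two findings this thread turns on, the Winlogon Shell entries that vyosek's fixlist removes in post #2 and the safeboot flag he has cleared through msconfig in post #4, written as a triage script over FRST.txt lines. This is an added example, not part of the original posts and not FRST's own logic; the function names, the sample log and fixlist (constructed from the line layout shown in this thread) and the rule "Shell must be exactly explorer.exe in HKLM and absent in HKCU" are assumptions of the example.

```python
import re

# Constructed sample in the FRST.txt line layout seen in this thread; the
# plain HKLM "explorer.exe" line and its size/date are invented for contrast.
SAMPLE_LOG = r"""Boot Mode: Safe Mode (minimal)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM-x32\...\Winlogon: [Shell] explorer.exe shell.exe [x ] () <=== ATTENTION
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\JB\AppData\Roaming\cache.dat [90624 2011-11-17] () <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
"""

# Constructed fixlist: lines copied verbatim from the log, as in post #2.
SAMPLE_FIXLIST = r"""
    HKLM-x32\...\Winlogon: [Shell] explorer.exe shell.exe [x ] () <=== ATTENTION
    HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\JB\AppData\Roaming\cache.dat [90624 2011-11-17] () <==== ATTENTION
    CMD: shutdown /r
"""

SHELL_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\Winlogon: \[Shell\] (?P<rest>.*)$"
)
SAFEBOOT_RE = re.compile(r"^safeboot:\s*==>.*Safe Mode", re.IGNORECASE)


def shell_value(rest):
    """Strip FRST's trailing annotations and return the registry value itself."""
    rest = re.sub(r"\s*<=+\s*ATTENTION!?\s*$", "", rest)  # FRST's own marker
    rest = re.sub(r"\s*\([^()]*\)\s*$", "", rest)         # (company name)
    rest = re.sub(r"\s*\[[^\[\]]*\]\s*$", "", rest)       # [size date] or [x]
    return rest.strip()


def extra_payload(value):
    """Return whatever the value launches besides explorer.exe ('' if nothing)."""
    if value.lower().startswith("explorer.exe"):
        return value[len("explorer.exe"):].lstrip(" ,")
    return value


def triage(log_text):
    """Flag Winlogon Shell values that deviate from the default, and safeboot."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        match = SHELL_RE.match(line)
        if match:
            hive = match.group("hive")
            value = shell_value(match.group("rest"))
            extra = extra_payload(value)
            # Assumption of this example: a per-user (HKCU) Shell value is not
            # present on a default install, so its mere existence is flagged.
            if extra or hive == "HKCU":
                findings.append({"line": number, "kind": "winlogon-shell",
                                 "hive": hive, "value": value,
                                 "extra": extra, "raw": line})
        elif SAFEBOOT_RE.match(line):
            findings.append({"line": number, "kind": "safeboot",
                             "hive": None, "value": None,
                             "extra": "", "raw": line})
    return findings


def not_in_fixlist(findings, fixlist_text):
    """Return the findings whose log line was not copied into the fixlist."""
    fix_lines = {l.strip() for l in fixlist_text.splitlines() if l.strip()}
    return [f for f in findings if f["raw"] not in fix_lines]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        detail = f["extra"] or "flag set"
        print(f"line {f['line']}: {f['kind']} ({f['hive']}): {detail}")
    for f in not_in_fixlist(found, SAMPLE_FIXLIST):
        print(f"not covered by fixlist: line {f['line']} ({f['kind']})")
```

On the constructed input both Shell entries are covered by the fixlist and only the safeboot flag is left over, which matches post #3, where the machine still started in safe mode after the fix.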

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#5 Post by jarek89 »

Thanks for the quick reply, the notebook works now..... Should I take any further step to get rid of the virus for good, or is it no longer there at all?

PS: If that is all, my friend and I thank you. He was mainly worried about the photos; unfortunately he has no external (backup) HDD.
Last edited by vyosek on 02 Aug 2013 20:36, edited 1 time in total.
Reason: For the second time: quoted reply removed, use the Reply button !!!

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, PČR virus

#6 Post by vyosek »

:arrow: For the second time I have removed your quote of my reply; use the Reply button, you are only making the thread harder to read :x

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan (Prohledat)
  • A scan will run and then a log will appear, or it will be saved on the system drive as AdwCleaner[R?].txt; paste it here

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#7 Post by jarek89 »

Hello, here is the log:

# AdwCleaner v2.306 - Log vytvooen 02/08/2013 v 21:55:33
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : JB - FBI_PROPERTY
# Spuštin systém : Normální
# Spuštino z : C:\Users\JB\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Conduit
Složka Nalezeno : C:\Program Files (x86)\ICQ6Toolbar
Složka Nalezeno : C:\ProgramData\ICQ\ICQToolbar
Složka Nalezeno : C:\ProgramData\Premium
Složka Nalezeno : C:\Users\JB\AppData\Local\Conduit
Složka Nalezeno : C:\Users\JB\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\JB\AppData\LocalLow\PriceGong
Složka Nalezeno : C:\Users\JB\AppData\LocalLow\uTorrentBar
Složka Nalezeno : C:\Users\JB\AppData\Roaming\OpenCandy

***** [Registry] *****

Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\PriceGong
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\uTorrentBar
Klíe Nalezeno : HKCU\Software\AppDataLow\Toolbar
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\Software\ICQ\ICQToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Nalezeno : HKLM\Software\uTorrentBar
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0330D6D6-BC53-46FD-903C-5B4B4D1EE0D1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B70495B8-C112-495F-B5E8-C0294399B9C5}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7600.17267

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3450 octets] - [02/08/2013 21:55:33]

########## EOF - C:\AdwCleaner[R1].txt - [3510 octets] ##########
Last edited by jarek89 on 02 Aug 2013 21:19, edited 1 time in total.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, PČR virus

#8 Post by vyosek »

Are you kidding me with quoting my replies?? Why do you keep quoting them :???: :???: :???:

Can't you see the big REPLY button at the top or bottom of the topic :roll: :roll:

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#9 Post by jarek89 »

I apologize, I have already fixed it; I was posting it in a hurry :) of course I can see it :)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, PČR virus

#10 Post by vyosek »

:arrow: Pardon the expression, but not even a dog can sh*t in a hurry... Rush, rush, and this is how it ends up...

:arrow: Now I will want 3 logs; put each one in a separate reply...

:arrow: Post the fixlog that was created on the flash drive

:arrow: Run AdwCleaner again
  • If you use Windows Vista or W7, right-click AdwCleaner and choose Run As Administrator (Spustit jako správce)
  • Click Delete (Smazat)
  • The PC will perform the fix, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here
:arrow: Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#11 Post by jarek89 »

I want to ask which fixlog: the one you sent me here, or the log that adwCleaner created?

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log, PČR virus

#12 Post by vyosek »

:arrow: The Fixlog was created on the flash drive after the fix with FRST

:arrow: After deleting with AdwCleaner, the log C:\AdwCleaner [S1].txt is created; that is the one I want

:arrow: And finally log.txt from RSIT

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#13 Post by jarek89 »

If you meant the fixlog.txt you sent me, I have it here:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2013
Ran by JB at 2013-08-02 20:54:23 Run:1
Running from J:\
Boot Mode: Safe Mode (minimal)
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BlazeServoTool => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Companion => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON SX125 Series => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SanDiskSecureAccess_Manager.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Tiiait => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ConduitHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HTC Sync Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{95289393-33EA-4F8D-B952-483415B9C955} => Value deleted successfully.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key deleted successfully.
HKCR\CLSID\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key deleted successfully.
HKCR\CLSID\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.
HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj => Key deleted successfully.
"C:\Users\JB\AppData\Local\Temp\crxE2D1.tmp" => File/Directory not found.
Guard.Mail.ru => Service deleted successfully.
C:\Users\JB\AppData\Roaming\cache.ini => Moved successfully.
C:\Windows\System32\Tasks\HPCeeScheduleForJB => Moved successfully.
C:\Windows\Tasks\HPCeeScheduleForJB.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job => Moved successfully.
C:\Program Files (x86)\Guard-ICQ => Moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar => Moved successfully.
C:\Program Files (x86)\uTorrentBar => Moved successfully.
C:\Users\JB\AppData\Roaming\cache.dat => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r =========


========= End of CMD: =========


==== End of Fixlog ====

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#14 Post by jarek89 »

S1 here
# AdwCleaner v2.306 - Log vytvooen 02/08/2013 v 22:36:36
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : JB - FBI_PROPERTY
# Spuštin systém : Normální
# Spuštino z : C:\Users\JB\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\Conduit
Složka Vymazáno : C:\Program Files (x86)\ICQ6Toolbar
Složka Vymazáno : C:\ProgramData\ICQ\ICQToolbar
Složka Vymazáno : C:\ProgramData\Premium
Složka Vymazáno : C:\Users\JB\AppData\Local\Conduit
Složka Vymazáno : C:\Users\JB\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\JB\AppData\LocalLow\PriceGong
Složka Vymazáno : C:\Users\JB\AppData\LocalLow\uTorrentBar
Složka Vymazáno : C:\Users\JB\AppData\Roaming\OpenCandy

***** [Registry] *****

Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\PriceGong
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\uTorrentBar
Klíe Vymazáno : HKCU\Software\AppDataLow\Toolbar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\Software\ICQ\ICQToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Vymazáno : HKLM\Software\uTorrentBar
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0330D6D6-BC53-46FD-903C-5B4B4D1EE0D1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B70495B8-C112-495F-B5E8-C0294399B9C5}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7600.17267

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3579 octets] - [02/08/2013 21:55:33]
AdwCleaner[R2].txt - [3639 octets] - [02/08/2013 22:35:24]
AdwCleaner[S1].txt - [3605 octets] - [02/08/2013 22:36:36]

########## EOF - C:\AdwCleaner[S1].txt - [3665 octets] ##########

jarek89
Visitor
Posts: 23
Joined: 24 Jan 2011 06:18

Re: Please check my log, PČR virus

#15 Post by jarek89 »

RSIT log here:

Logfile of random's system information tool 1.08 (written by random/random)
Run by JB at 2013-08-02 22:47:16
Microsoft Windows 7 Home Premium
System drive C: has 21 GB (7%) free of 284 GB
Total RAM: 3894 MB (63% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 2035792
\??\C:\Windows\system32\conhost.exe "-1071067432-704575194900988531416982517913829635-723662790-1728345415-307478516
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
C:\Windows\System32\spoolsv.exe
taskeng.exe {2F6D1AE0-2897-455E-9753-893BC5C434A7}
"C:\Program Files\DigitalPersona\Bin\DpHostW.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1192
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-acac6dcf-9561-4b88-bdbc-22d2e6247119 -SystemEventPortName:HostProcess-5441b481-3ed6-49cc-a78b-0d823fba0325 -IoCancelEventPortName:HostProcess-a3064527-4828-4f8e-a799-6557a209a285 -NonStateChangingEventPortName:HostProcess-3b2a2fc0-1d60-43ec-8f0a-44b145da253b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:443b29d1-7a88-402c-9894-6e0e2d468afe -DeviceGroupId:WpdFsGroup
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {EC989E1F-8BA0-4D34-9A76-E91C0EC16752}
"C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
taskeng.exe {B37EB2F7-C324-4208-B339-0AB2D8ADA386}
"C:\Users\JB\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" mode=windowless
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\HPCeeScheduleForFBI_PROPERTY$.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-17 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll [2013-04-02 1467528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-26 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-26 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll [2013-04-02 1467528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-22 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-06-22 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-22 414744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-28 2096424]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-06-18 487424]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2010-01-20 611896]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-06-18 8192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-09 1712184]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]
"StudentDOG"=C:\Program Files (x86)\Programs\Student DOG\StudentDOG.exe [2011-01-02 2102272]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-21 98304]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-06-29 602168]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2010-06-02 61112]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-06-22 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-08-17 52920]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"=C:\Windows\SysWow64\Wshxt.dll [2012-07-16 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DpHost]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-08-02 22:47:16 ----D---- C:\rsit
2013-08-02 22:47:16 ----D---- C:\Program Files\trend micro
2013-08-02 22:36:36 ----A---- C:\AdwCleaner[S1].txt
2013-08-02 22:35:24 ----A---- C:\AdwCleaner[R2].txt
2013-08-02 21:55:33 ----A---- C:\AdwCleaner[R1].txt
2013-08-02 21:30:31 ----D---- C:\Windows\pss
2013-08-02 16:23:12 ----D---- C:\FRST
2013-07-31 21:28:01 ----A---- C:\Windows\ntbtlog.txt
2013-07-25 06:17:12 ----D---- C:\Windows\system32\MRT
2013-07-14 19:11:18 ----D---- C:\Root

======List of files/folders modified in the last 1 months======

2013-08-02 22:48:21 ----D---- C:\Windows\System32
2013-08-02 22:48:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-02 22:48:01 ----HD---- C:\Windows\Temp
2013-08-02 22:47:16 ----RD---- C:\Program Files
2013-08-02 22:46:27 ----A---- C:\Windows\SYSWOW64\log.txt
2013-08-02 22:44:32 ----D---- C:\Windows\system32\config
2013-08-02 22:36:44 ----HD---- C:\ProgramData
2013-08-02 22:36:44 ----D---- C:\Program Files (x86)
2013-08-02 21:36:30 ----D---- C:\Windows\Prefetch
2013-08-02 21:30:31 ----D---- C:\Windows
2013-08-02 20:54:24 ----D---- C:\Windows\Tasks
2013-08-02 20:54:24 ----D---- C:\Windows\system32\Tasks
2013-08-02 20:54:24 ----D---- C:\Windows\system32\drivers\etc
2013-08-01 07:22:46 ----D---- C:\ProgramData\Recovery
2013-07-31 17:40:31 ----D---- C:\Users\JB\AppData\Roaming\Skype
2013-07-30 15:51:03 ----SHD---- C:\System Volume Information
2013-07-30 09:22:15 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-29 07:55:31 ----D---- C:\Users\JB\AppData\Roaming\uTorrent
2013-07-28 17:02:55 ----D---- C:\Windows\system32\NDF
2013-07-14 19:20:20 ----RSD---- C:\Windows\assembly
2013-07-14 19:19:45 ----SHD---- C:\Windows\Installer
2013-07-14 19:19:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-07-14 19:11:10 ----D---- C:\Program Files (x86)\Activision
2013-07-12 14:04:39 ----D---- C:\Program Files (x86)\Steam
2013-07-11 12:33:13 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 12:33:12 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 12:32:35 ----A---- C:\log.txt
2013-07-11 07:40:33 ----D---- C:\ProgramData\Microsoft Help
2013-07-10 18:32:43 ----D---- C:\Windows\SysWOW64

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2010-06-28 432720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-11 254528]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-06-08 202576]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-08 53520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-06-22 6856704]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-22 264192]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-08-19 3063360]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-10 102952]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-10 135720]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-10 21544]
R3 clwvd;HP Webcam Splitter; C:\Windows\system32\DRIVERS\clwvd.sys [2010-06-24 32880]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-06-22 10342240]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-12 232992]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-06-18 515584]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-28 320560]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 144656]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-08 164176]
R3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552448]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-06-22 10342240]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2012-07-10 164864]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-06-08 42896]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-22 203264]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-08 952096]
R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2010-04-23 445192]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-01 325656]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-07 79872]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-12-05 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2012-12-05 107832]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-06-18 258048]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 2192176]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2012-08-10 1001376]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 256904]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-07 543656]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

Locked