Napadený email + vložený log z FRST

[rjesa]

Zdravím,

mám stejný problém jako uživatel "k.ats Předmět příspěvku: Napadeny mail Nový příspěvek Napsal: 10 čer 2016 06:02"[/i].

Na můj emailový účet chodí zprávy o nedoručených emailech, které jsem neposílal já (viz příspěvek níže). Provedl jsem postup dle odpovědi uživateli k.ats. Předem mnohokrát děkuji za pomoc.

P.S. Jak se mohla do emailu havět dostat? Mám podezření na mobil - od jisté doby mi tam začaly skákat reklamy (LENOVO A 916 objednán přes zprostředkovatele z Číny), které se nedají zastavit (zkoušel jsem factory reset, SD card format a nakonec i jakýsi Andorid BIOS reset, ale nic nepomohlo).

Rjesa

log z FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2016 01
Ran by Rysak (administrator) on RYSAK-PC (17-06-2016 11:19:47)
Running from C:\Users\Rysak\Desktop
Loaded Profiles: Rysak (Available Profiles: Rysak)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Rysak\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\MountPoints2: {6e27f2df-8d17-11e5-b466-00269e59cfba} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3449996547-3212454148-2832534673-1000] => proxy.vscht.cz:3128
AutoConfigURL: [S-1-5-21-3449996547-3212454148-2832534673-1000] => proxy.vscht.cz:3128
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2C52957C-FEA8-437C-B6D4-2C05DDF564A7}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{69F5E04F-FC7B-4503-BFBD-758A38EF8DAF}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08]
CHR Extension: (Dokumenty Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08]
CHR Extension: (Disk Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tabulky Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 11:19 - 2016-06-17 11:20 - 00006091 _____ C:\Users\Rysak\Desktop\FRST.txt
2016-06-17 11:19 - 2016-06-17 11:19 - 00000000 ____D C:\FRST
2016-06-17 11:18 - 2016-06-17 11:18 - 00112640 _____ (forum.viry.cz) C:\Users\Rysak\Desktop\FRSTLauncher.exe
2016-06-17 11:17 - 2016-06-17 11:17 - 00112640 _____ (forum.viry.cz) C:\Users\Rysak\Downloads\Nepotvrzeno 818065.crdownload
2016-06-17 11:16 - 2016-06-17 11:16 - 00112640 _____ (forum.viry.cz) C:\Users\Rysak\Downloads\Nepotvrzeno 484832.crdownload
2016-06-17 11:15 - 2016-06-17 11:15 - 01737216 _____ (Farbar) C:\Users\Rysak\Downloads\FRST.exe
2016-06-17 11:14 - 2016-06-17 11:14 - 01737216 _____ (Farbar) C:\Users\Rysak\Desktop\FRST.exe
2016-06-17 10:46 - 2016-06-17 10:46 - 00057153 _____ C:\Users\Rysak\Downloads\Faktura 1605220074.pdf
2016-06-15 22:40 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 22:40 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 22:40 - 2016-05-21 00:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 22:40 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 22:40 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 22:40 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 22:40 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 22:40 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 22:40 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 22:40 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 22:40 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 22:40 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 22:40 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 22:40 - 2016-05-20 23:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 22:40 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 22:40 - 2016-05-20 23:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 22:40 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 22:40 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 22:40 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 22:40 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 22:40 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 22:40 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 22:40 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 22:40 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 22:40 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 22:40 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 22:40 - 2016-05-20 23:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 22:40 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 22:40 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 22:40 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 22:40 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 22:40 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 22:40 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 22:40 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 22:40 - 2016-05-13 23:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 22:40 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 22:40 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 22:40 - 2016-05-12 17:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 22:40 - 2016-05-12 17:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 22:40 - 2016-05-12 17:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 22:40 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 22:40 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 22:40 - 2016-05-12 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 22:40 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 22:40 - 2016-05-12 16:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 22:40 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 22:40 - 2016-05-12 16:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 22:40 - 2016-05-12 16:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 22:40 - 2016-05-12 15:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 22:40 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 22:40 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 22:40 - 2016-05-11 16:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 22:39 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 22:39 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 22:39 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 22:39 - 2016-05-18 18:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-09 22:37 - 2016-06-09 22:37 - 00336482 _____ C:\Users\Rysak\Downloads\pozvánka_národní_setkání_2016 (1).pdf
2016-06-09 22:31 - 2016-06-09 22:31 - 00336482 _____ C:\Users\Rysak\Downloads\pozvánka_národní_setkání_2016.pdf
2016-06-09 22:31 - 2016-06-09 22:31 - 00212256 _____ C:\Users\Rysak\Downloads\MO_10000237350400.pdf
2016-06-09 22:31 - 2016-06-09 22:31 - 00203988 _____ C:\Users\Rysak\Downloads\PRE_100012065248.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 10:42 - 2015-08-08 14:04 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 10:29 - 2009-07-14 06:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 10:29 - 2009-07-14 06:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 10:27 - 2010-11-20 23:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-17 10:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-06-17 10:23 - 2015-08-12 10:31 - 00000000 ____D C:\Users\Rysak\AppData\Roaming\Skype
2016-06-17 10:22 - 2015-08-08 14:04 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 10:21 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 10:21 - 2009-07-14 06:33 - 00285032 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-13 19:31 - 2015-09-07 23:47 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-09 07:22 - 2015-08-08 14:06 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-09 07:22 - 2015-08-08 14:06 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 21:47 - 2015-08-07 11:35 - 00000000 ____D C:\Users\Rysak
2016-05-23 23:38 - 2015-11-04 20:38 - 00192000 ___SH C:\Users\Rysak\Documents\Thumbs.db
2016-05-21 08:53 - 2016-05-16 20:08 - 00000000 ____D C:\Users\Rysak\Desktop\LS2016
2016-05-18 03:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\Rysak\AppData\Local\Temp\atcMedia2021453845093.exe
C:\Users\Rysak\AppData\Local\Temp\atcMedia2811441776230.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Rysak\Desktop" je 3745 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Ukázka nevyžádaného emailu:

MAILER-DAEMON@ds9210.dedicated.turbodns.co.uk
Undelivered Mail Returned to Sender
Dnes 17. 6. 2016, 10:46:45
Komu: helanr@seznam.cz
g
This is the mail system at host ds9210.dedicated.turbodns.co.uk.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<marthulka@yahoo.com>: delivery temporarily suspended: lost connection with
mta7.am0.yahoodns.net[66.196.118.34] while sending RCPT TO

<lukas.merta@centrum.cz>: delivery temporarily suspended: connect to
cbx.virusfree.cz[2001:67c:ca1] Network is unreachable

<maki71@centrum.cz>: delivery temporarily suspended: connect to
cbx.virusfree.cz[2001:67c:ca1] Network is unreachable
---------- Původní zpráva ----------
Od: Palo Kovacik <helanr@seznam.cz>
Komu: lukas.merta <lukas.merta@centrum.cz>, m64 <m64@seznam.cz>, maki71 <maki71@centrum.cz>, marthulka <marthulka@yahoo.com>, mirakf <mirakf@seznam.cz>
Datum: 12. 6. 2016 6:43:06
Předmět: news
Hi,

I've just read some interesting news about our friend, just look at him, he is a star! Please read here http://crakocuse.bargaindevices.net/xyhnlcn

In haste, Palo Kovacik

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[rjesa]

Děkuji za odpověď a vkládám další log. Btw - jak je možné, že když jsem si změnil heslo do emailu na pc v práci (to předpokládám vir nemá), tak se stále emaily odesílají? Do mobilu jsem už nic nezadával - heslo email atp.

# AdwCleaner v5.200 - Logfile created 18/06/2016 at 00:01:08
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-17.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X86)
# Username : Rysak - RYSAK-PC
# Running from : C:\Users\Rysak\Desktop\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Conduit

***** [ Web browsers ] *****

[-] [C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : celtx.en.softonic.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [945 bytes] - [18/06/2016 00:01:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [1069 bytes] - [17/06/2016 23:56:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1090 bytes] ##########

[Rudy]

Dejte nový log FRST.

[rjesa]

Dobrý večer,

vkládám log a addition tx. Předem děkuji za pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2016 01
Ran by Rysak (administrator) on RYSAK-PC (19-06-2016 21:09:43)
Running from C:\Users\Rysak\Desktop
Loaded Profiles: Rysak (Available Profiles: Rysak)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\MountPoints2: {6e27f2df-8d17-11e5-b466-00269e59cfba} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3449996547-3212454148-2832534673-1000] => proxy.vscht.cz:3128
AutoConfigURL: [S-1-5-21-3449996547-3212454148-2832534673-1000] => proxy.vscht.cz:3128
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2C52957C-FEA8-437C-B6D4-2C05DDF564A7}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{69F5E04F-FC7B-4503-BFBD-758A38EF8DAF}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08]
CHR Extension: (Dokumenty Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08]
CHR Extension: (Disk Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tabulky Google) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Rysak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 21:08 - 2016-06-19 21:08 - 00000000 ____D C:\Users\Rysak\Desktop\FRST-OlderVersion
2016-06-17 23:56 - 2016-06-18 00:01 - 00000000 ____D C:\AdwCleaner
2016-06-17 23:55 - 2016-06-17 23:55 - 03703360 _____ C:\Users\Rysak\Desktop\adwcleaner_5.200.exe
2016-06-17 11:21 - 2016-06-17 11:21 - 00008014 _____ C:\Users\Rysak\Desktop\Addition.txt
2016-06-17 11:19 - 2016-06-19 21:10 - 00005560 _____ C:\Users\Rysak\Desktop\FRST.txt
2016-06-17 11:19 - 2016-06-19 21:09 - 00000000 ____D C:\FRST
2016-06-17 11:17 - 2016-06-17 11:17 - 00112640 _____ (forum.viry.cz) C:\Users\Rysak\Downloads\Nepotvrzeno 818065.crdownload
2016-06-17 11:16 - 2016-06-17 11:16 - 00112640 _____ (forum.viry.cz) C:\Users\Rysak\Downloads\Nepotvrzeno 484832.crdownload
2016-06-17 11:15 - 2016-06-17 11:15 - 01737216 _____ (Farbar) C:\Users\Rysak\Downloads\FRST.exe
2016-06-17 11:14 - 2016-06-19 21:08 - 01738240 _____ (Farbar) C:\Users\Rysak\Desktop\FRST.exe
2016-06-17 10:46 - 2016-06-17 10:46 - 00057153 _____ C:\Users\Rysak\Downloads\Faktura 1605220074.pdf
2016-06-15 22:40 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 22:40 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 22:40 - 2016-05-21 00:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 22:40 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 22:40 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 22:40 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 22:40 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 22:40 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 22:40 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 22:40 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 22:40 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 22:40 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 22:40 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 22:40 - 2016-05-20 23:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 22:40 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 22:40 - 2016-05-20 23:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 22:40 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 22:40 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 22:40 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 22:40 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 22:40 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 22:40 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 22:40 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 22:40 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 22:40 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 22:40 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 22:40 - 2016-05-20 23:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 22:40 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 22:40 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 22:40 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 22:40 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 22:40 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 22:40 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 22:40 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 22:40 - 2016-05-13 23:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 22:40 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 22:40 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 22:40 - 2016-05-12 17:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 22:40 - 2016-05-12 17:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 22:40 - 2016-05-12 17:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 22:40 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 22:40 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 22:40 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 22:40 - 2016-05-12 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 22:40 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 22:40 - 2016-05-12 16:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 22:40 - 2016-05-12 16:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 22:40 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 22:40 - 2016-05-12 16:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 22:40 - 2016-05-12 16:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 22:40 - 2016-05-12 15:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 22:40 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 22:40 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 22:40 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 22:40 - 2016-05-11 16:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 22:39 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 22:39 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 22:39 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 22:39 - 2016-05-18 18:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-09 22:37 - 2016-06-09 22:37 - 00336482 _____ C:\Users\Rysak\Downloads\pozvánka_národní_setkání_2016 (1).pdf
2016-06-09 22:31 - 2016-06-09 22:31 - 00336482 _____ C:\Users\Rysak\Downloads\pozvánka_národní_setkání_2016.pdf
2016-06-09 22:31 - 2016-06-09 22:31 - 00212256 _____ C:\Users\Rysak\Downloads\MO_10000237350400.pdf
2016-06-09 22:31 - 2016-06-09 22:31 - 00203988 _____ C:\Users\Rysak\Downloads\PRE_100012065248.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 21:06 - 2015-08-12 10:31 - 00000000 ____D C:\Users\Rysak\AppData\Roaming\Skype
2016-06-19 21:06 - 2015-08-08 14:04 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-19 21:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-18 11:31 - 2009-07-14 06:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-18 11:31 - 2009-07-14 06:34 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-18 11:29 - 2010-11-20 23:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-18 11:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-06-18 01:42 - 2015-08-08 14:04 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-18 00:45 - 2015-08-08 14:06 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 00:45 - 2015-08-08 14:06 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 10:21 - 2009-07-14 06:33 - 00285032 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-13 19:31 - 2015-09-07 23:47 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-07 21:47 - 2015-08-07 11:35 - 00000000 ____D C:\Users\Rysak
2016-05-23 23:38 - 2015-11-04 20:38 - 00192000 ___SH C:\Users\Rysak\Documents\Thumbs.db
2016-05-21 08:53 - 2016-05-16 20:08 - 00000000 ____D C:\Users\Rysak\Desktop\LS2016

Some files in TEMP:
====================
C:\Users\Rysak\AppData\Local\Temp\atcMedia2021453845093.exe
C:\Users\Rysak\AppData\Local\Temp\atcMedia2811441776230.exe
C:\Users\Rysak\AppData\Local\Temp\libeay32.dll
C:\Users\Rysak\AppData\Local\Temp\msvcr120.dll
C:\Users\Rysak\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-07 19:59

==================== End of FRST.txt ============================





Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2016 01
Ran by Rysak (2016-06-19 21:11:16)
Running from C:\Users\Rysak\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2015-08-07 09:35:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3449996547-3212454148-2832534673-500 - Administrator - Disabled)
Guest (S-1-5-21-3449996547-3212454148-2832534673-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3449996547-3212454148-2832534673-1002 - Limited - Enabled)
Rysak (S-1-5-21-3449996547-3212454148-2832534673-1000 - Administrator - Enabled) => C:\Users\Rysak

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.0) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
aTube Catcher verze 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
Celtx (2.9.7) (HKLM\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Convert WAV To MP3 1.0 (HKLM\...\Convert WAV To MP3_is1) (Version: - A Software Plus)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}) (Version: 3.41.9593 - Apache Software Foundation)
Skype™ 5.9 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.123 - Skype Technologies S.A.)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {64679741-1ABB-46D0-8597-4F254D5291E4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3449996547-3212454148-2832534673-1000
Task: {8517D16C-F7FD-45C1-A527-596A1ACC9C43} - System32\Tasks\{D8BBB2C9-CAEB-4AF1-9CAC-FB49C7A9D183} => pcalua.exe -a "D:\stary disk\Programy\Adobe-Acrobat-Reader-10.10-CZ.exe" -d "D:\stary disk\Programy"
Task: {9ACC636F-4CB1-4D6B-A1E0-69107D00F4FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {DC0C1276-406A-438B-AE18-5305158CC2DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-12 10:39 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rysak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CDFA973A-E858-41A5-8ED7-420EB21493EB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CEF2F9AD-11FB-4DC9-94FA-735016C79BA0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-04-2016 23:38:23 Scheduled Checkpoint
27-04-2016 23:50:24 Windows Update
03-05-2016 22:58:29 Windows Update
11-05-2016 21:19:16 Windows Update
16-05-2016 21:32:44 Windows Update
18-05-2016 03:00:11 Windows Update
21-05-2016 08:33:22 Windows Update
07-06-2016 20:06:09 Scheduled Checkpoint
07-06-2016 21:51:55 Windows Update
12-06-2016 22:34:36 Windows Update
16-06-2016 05:51:55 Windows Update

==================== Faulty Device Manager Devices =============

Name: Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2016 09:07:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2016 11:25:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2016 12:03:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2016 11:48:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2016 10:23:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2016 09:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2016 08:43:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2016 06:43:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2016 10:31:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2016 11:44:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/19/2016 09:06:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/18/2016 11:23:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/18/2016 11:23:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:56:55 on ‎18.‎6.‎2016 was unexpected.

Error: (06/18/2016 12:01:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/18/2016 12:01:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/18/2016 12:01:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/18/2016 12:01:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/18/2016 12:01:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/18/2016 12:01:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/17/2016 11:46:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Percentage of memory in use: 52%
Total physical RAM: 2035.95 MB
Available physical RAM: 975.28 MB
Total Virtual: 4071.91 MB
Available Virtual: 3094.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:70.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3E6E555A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\MountPoints2: {6e27f2df-8d17-11e5-b466-00269e59cfba} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Rysak\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[rjesa]

Vkládám:

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-06-2016 01
Ran by Rysak (2016-06-19 22:08:41) Run:1
Running from C:\Users\Rysak\Desktop
Loaded Profiles: Rysak (Available Profiles: Rysak)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\...\MountPoints2: {6e27f2df-8d17-11e5-b466-00269e59cfba} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Rysak\AppData\Local\Temp
End
*****************

"HKU\S-1-5-21-3449996547-3212454148-2832534673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e27f2df-8d17-11e5-b466-00269e59cfba}" => key removed successfully.
HKCR\CLSID\{6e27f2df-8d17-11e5-b466-00269e59cfba} => key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

"C:\Users\Rysak\AppData\Local\Temp" folder move:

Could not move "C:\Users\Rysak\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-19 22:09:36)

C:\Users\Rysak\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:09:36 ====

[Rudy]

Smazáno. Log by již měl být OK.

[rjesa]

dekuju moc. Jen se zeptam - co to bylo za havet?Mohla mit na svedomi proniknuti do emailu? Dekuju moc za pomoc a preji pekny zbytek nedele.

Rjesa

[Rudy]

Havěť vcelku žádná, jen zbytečnosti a 1 AdWare. Nebylo by od věci provést ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log, předem nic nemažte.

[rjesa]

Vkládám log z malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20.6.2016
Čas skenování: 23:05
Protokol: malwarebytes.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.06.20.07
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Rysak

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 241688
Uplynulý čas: 6 min, 39 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

[Rudy]

Log není kompletní, nicméně v této části není problém.