Request for help detecting an infection

TemnyProrok
Visitor
Posts: 5
Registered: 09 Feb 2013 18:55

Request for help detecting an infection

#1 Post by TemnyProrok »

Hello. I'm at my wit's end. I ran a few programs and none of them found anything, but given that something keeps popping up in one place where it shouldn't, I think some nasty thing is festering on this machine. (Specifically, in SAPGUI the attached page pops up instead of the XML I need to display - the page is lodged in the IE temp folder and cannot be deleted.)

I wanted to post an RSIT log here, but after a moment RSIT crashes with the error: Error: Subscript used with non-Array variable.

So I wanted to ask for advice on which other logging tool's output I should post here.
Attachments
obsah_stranky.zip
(1.62 KiB) Downloaded 27 times

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for help detecting an infection

#2 Post by Rudy »

Hello!
Download FRST: http://vyosek.ic.cz/pro_usery/FRSTLauncher.exe and save it to the desktop. Run it and click >Scan<. When the scan finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

TemnyProrok
Visitor
Posts: 5
Registered: 09 Feb 2013 18:55

Re: Request for help detecting an infection

#3 Post by TemnyProrok »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by CCN-Krecek (administrator) on CCN-KRECEK-PC on 12-09-2013 19:42:24
Running from C:\Users\CCN-Krecek\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NTWind Software) C:\Program Files\VistaSwitcher\vswitch64.exe
(Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SAP AG) C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2814760 2011-07-15] (Synaptics Incorporated)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-07-13] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\SYSTEM32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2010-12-16] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Endpoint Security\egui.exe [4133072 2012-07-04] (ESET)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [VistaSwitcher] - C:\Program Files\VistaSwitcher\vswitch64.exe [230408 2010-11-24] (NTWind Software)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [SkyDrive] - C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6001448 2013-03-18] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2012-05-27] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Bonus.SSR.FR11] - C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [926472 2012-05-26] (ABBYY.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [156000 2012-05-16] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [156000 2012-05-16] (Lenovo)
HKU\Zachrana\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
HKU\Zachrana\...\RunOnce: [*NPE] - C:\Users\Zachrana\Downloads\NPE.exe [2994168 2013-05-04] (Symantec Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina
Startup: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ()
Startup: C:\ProgramData\ABBYY ()
Startup: C:\ProgramData\Adobe ()
Startup: C:\ProgramData\Altova ()
Startup: C:\ProgramData\Apple ()
Startup: C:\ProgramData\Apple Computer ()
Startup: C:\ProgramData\Application Data ()
Startup: C:\ProgramData\ashampoo ()
Startup: C:\ProgramData\Binarysense ()
Startup: C:\ProgramData\Common Files ()
Startup: C:\ProgramData\CyberLink ()
Startup: C:\ProgramData\Data aplikací ()
Startup: C:\ProgramData\Desktop ()
Startup: C:\ProgramData\Documents ()
Startup: C:\ProgramData\Dokumenty ()
Startup: C:\ProgramData\EasternGraphics ()
Startup: C:\ProgramData\ESET ()
Startup: C:\ProgramData\ESTsoft ()
Startup: C:\ProgramData\Favorites ()
Startup: C:\ProgramData\FLEXnet ()
Startup: C:\ProgramData\Installations ()
Startup: C:\ProgramData\install_clap ()
Startup: C:\ProgramData\Intel ()
Startup: C:\ProgramData\Intel.sav ()
Startup: C:\ProgramData\Lenovo ()
Startup: C:\ProgramData\M-Photo ()
Startup: C:\ProgramData\Macrovision ()
Startup: C:\ProgramData\Malwarebytes ()
Startup: C:\ProgramData\Malwarebytes' Anti-Malware (portable) ()
Startup: C:\ProgramData\McAfee ()
Startup: C:\ProgramData\MediaMonkey ()
Startup: C:\ProgramData\MFAData ()
Startup: C:\ProgramData\Microsoft ()
Startup: C:\ProgramData\Microsoft Help ()
Startup: C:\ProgramData\Microsoft SkyDrive ()
Startup: C:\ProgramData\Mozilla ()
Startup: C:\ProgramData\Nabídka Start ()
Startup: C:\ProgramData\Nokia ()
Startup: C:\ProgramData\NokiaInstallerCache ()
Startup: C:\ProgramData\Norton ()
Startup: C:\ProgramData\Nuance ()
Startup: C:\ProgramData\Oblíbené položky ()
Startup: C:\ProgramData\Package Cache ()
Startup: C:\ProgramData\PC Suite ()
Startup: C:\ProgramData\Plocha ()
Startup: C:\ProgramData\regid.1986-12.com.adobe ()
Startup: C:\ProgramData\Roaming ()
Startup: C:\ProgramData\ScanSoft ()
Startup: C:\ProgramData\Skype ()
Startup: C:\ProgramData\Spybot - Search & Destroy ()
Startup: C:\ProgramData\Start Menu ()
Startup: C:\ProgramData\Sun ()
Startup: C:\ProgramData\TEMP ()
Startup: C:\ProgramData\Templates ()
Startup: C:\ProgramData\VMware ()
Startup: C:\ProgramData\YTD Video Downloader ()
Startup: C:\ProgramData\Zoner ()
Startup: C:\ProgramData\{51D21DF0-7A7B-4F10-966B-5B2AACEF048A} ()
Startup: C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} ()
Startup: C:\ProgramData\{F2BDB765-7535-41FF-938D-3B8BECD92CEE} ()
Startup: C:\ProgramData\Šablony ()
Startup: C:\Users\CCN-Krecek\.android ()
Startup: C:\Users\CCN-Krecek\001_SAP_Program_Docházka_2013_2.pol.xls ()
Startup: C:\Users\CCN-Krecek\10_11_pneumatiky.pdf ()
Startup: C:\Users\CCN-Krecek\20014219.txt ()
Startup: C:\Users\CCN-Krecek\240582.txt ()
Startup: C:\Users\CCN-Krecek\4eba22dff2e40.jpg ()
Startup: C:\Users\CCN-Krecek\87_3_ba_CZ_SLO_SK.pdf ()
Startup: C:\Users\CCN-Krecek\aj.docx ()
Startup: C:\Users\CCN-Krecek\anon.jpg ()
Startup: C:\Users\CCN-Krecek\AppData ()
Startup: C:\Users\CCN-Krecek\Application Data ()
Startup: C:\Users\CCN-Krecek\AR (2).xlsx ()
Startup: C:\Users\CCN-Krecek\AshampooHomeDesignerPro101_upd.zip ()
Startup: C:\Users\CCN-Krecek\AutoKelly_home.jpg ()
Startup: C:\Users\CCN-Krecek\Bez názvu.png ()
Startup: C:\Users\CCN-Krecek\chase-tv-series-everybody-lies-dr-house-free-836312.jpg ()
Startup: C:\Users\CCN-Krecek\CoachingReport.pdf ()
Startup: C:\Users\CCN-Krecek\com_sh404sef2_2.4.6.1033.zip ()
Startup: C:\Users\CCN-Krecek\config ()
Startup: C:\Users\CCN-Krecek\Contacts ()
Startup: C:\Users\CCN-Krecek\CP 001.jpg ()
Startup: C:\Users\CCN-Krecek\CsS-Machine-Tools-Final (1).pdf ()
Startup: C:\Users\CCN-Krecek\Data aplikací ()
Startup: C:\Users\CCN-Krecek\data.txt ()
Startup: C:\Users\CCN-Krecek\DATART.txt ()
Startup: C:\Users\CCN-Krecek\default-soapui-workspace.xml ()
Startup: C:\Users\CCN-Krecek\Desktop ()
Startup: C:\Users\CCN-Krecek\Diabetes mellitus.docx ()
Startup: C:\Users\CCN-Krecek\Diabetes Mellitus.pptx ()
Startup: C:\Users\CCN-Krecek\Documents ()
Startup: C:\Users\CCN-Krecek\Dokumenty ()
Startup: C:\Users\CCN-Krecek\dotazník Písecko.doc ()
Startup: C:\Users\CCN-Krecek\Downloads ()
Startup: C:\Users\CCN-Krecek\DTEST 2012-02 - pracky.pdf ()
Startup: C:\Users\CCN-Krecek\dTest 5_2012.pdf ()
Startup: C:\Users\CCN-Krecek\EasternGraphics ()
Startup: C:\Users\CCN-Krecek\ESR ()
Startup: C:\Users\CCN-Krecek\Faktura.png ()
Startup: C:\Users\CCN-Krecek\Favorites ()
Startup: C:\Users\CCN-Krecek\Fromm.docx ()
Startup: C:\Users\CCN-Krecek\hypo 001.jpg ()
Startup: C:\Users\CCN-Krecek\I have some worth.docx ()
Startup: C:\Users\CCN-Krecek\IF_BP_CREATE_NEW_03-soapui-project.xml ()
Startup: C:\Users\CCN-Krecek\images ()
Startup: C:\Users\CCN-Krecek\images.zip ()
Startup: C:\Users\CCN-Krecek\inner light.pdf ()
Startup: C:\Users\CCN-Krecek\inzeraty (2).csv ()
Startup: C:\Users\CCN-Krecek\inzeraty.csv ()
Startup: C:\Users\CCN-Krecek\ITIL Version 3.pdf ()
Startup: C:\Users\CCN-Krecek\jatc_mers_j25.zip ()
Startup: C:\Users\CCN-Krecek\jeff .xlsx ()
Startup: C:\Users\CCN-Krecek\jeff.pdf ()
Startup: C:\Users\CCN-Krecek\jindra.rar ()
Startup: C:\Users\CCN-Krecek\Kindle_Users_Guide.azw ()
Startup: C:\Users\CCN-Krecek\Kindle_Users_Guide.mbp ()
Startup: C:\Users\CCN-Krecek\Kopie - D_001_SAP_Program_Docházka_2012_1.pol.xls ()
Startup: C:\Users\CCN-Krecek\krev 001.jpg ()
Startup: C:\Users\CCN-Krecek\Křeček_J_20120927_15361.jpg ()
Startup: C:\Users\CCN-Krecek\Links ()
Startup: C:\Users\CCN-Krecek\Local Settings ()
Startup: C:\Users\CCN-Krecek\MR RTW ()
Startup: C:\Users\CCN-Krecek\Music ()
Startup: C:\Users\CCN-Krecek\NabidkaEko-Soft.docx ()
Startup: C:\Users\CCN-Krecek\Nabídka Start ()
Startup: C:\Users\CCN-Krecek\Novy2.html ()
Startup: C:\Users\CCN-Krecek\ntuser.dat ()
Startup: C:\Users\CCN-Krecek\ntuser.dat.LOG1 ()
Startup: C:\Users\CCN-Krecek\ntuser.dat.LOG2 ()
Startup: C:\Users\CCN-Krecek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
Startup: C:\Users\CCN-Krecek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\CCN-Krecek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\CCN-Krecek\ntuser.dat{acb7cae2-fa18-11e0-91ba-d6f318a6ae4f}.TM.blf ()
Startup: C:\Users\CCN-Krecek\ntuser.dat{acb7cae2-fa18-11e0-91ba-d6f318a6ae4f}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\CCN-Krecek\ntuser.dat{acb7cae2-fa18-11e0-91ba-d6f318a6ae4f}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\CCN-Krecek\ntuser.ini ()
Startup: C:\Users\CCN-Krecek\Okolní síť ()
Startup: C:\Users\CCN-Krecek\Okolní tiskárny ()
Startup: C:\Users\CCN-Krecek\out.pdf ()
Startup: C:\Users\CCN-Krecek\Oxford_Dictionary_of_English.azw ()
Startup: C:\Users\CCN-Krecek\Pictures ()
Startup: C:\Users\CCN-Krecek\Poslední ()
Startup: C:\Users\CCN-Krecek\PZ0XX_SAP_2012_Uprava_rozhrani_AEO_Data_zařazení_EAFRD_APA_PRO02B.docx ()
Startup: C:\Users\CCN-Krecek\PZXXX_SAP_2012_Nová_rozhraní_chmelnice.docx ()
Startup: C:\Users\CCN-Krecek\Přehled.xlsx ()
Startup: C:\Users\CCN-Krecek\radek.png ()
Startup: C:\Users\CCN-Krecek\Raut__-_Svatba_Křeček1.xls ()
Startup: C:\Users\CCN-Krecek\ResultPaper.pdf ()
Startup: C:\Users\CCN-Krecek\Roaming ()
Startup: C:\Users\CCN-Krecek\Role dětské sestry.docx ()
Startup: C:\Users\CCN-Krecek\sacharidove vlny-ironman.pdf ()
Startup: C:\Users\CCN-Krecek\Saved Games ()
Startup: C:\Users\CCN-Krecek\Searches ()
Startup: C:\Users\CCN-Krecek\SendTo ()
Startup: C:\Users\CCN-Krecek\service-invoice-2012 (2).pdf ()
Startup: C:\Users\CCN-Krecek\service-invoice-2012 (2).xlsx ()
Startup: C:\Users\CCN-Krecek\service-invoice-2012.pdf ()
Startup: C:\Users\CCN-Krecek\service-invoice-2012.xlsx ()
Startup: C:\Users\CCN-Krecek\service-invoice-2012_2.pdf ()
Startup: C:\Users\CCN-Krecek\Sešit1 (2).xlsx ()
Startup: C:\Users\CCN-Krecek\Sešit1.xlsx ()
Startup: C:\Users\CCN-Krecek\Sigma PC 25.10 navod.pdf ()
Startup: C:\Users\CCN-Krecek\Sigma_PC 25_10.pdf ()
Startup: C:\Users\CCN-Krecek\skutry ()
Startup: C:\Users\CCN-Krecek\SkyDrive ()
Startup: C:\Users\CCN-Krecek\smlouva-o-podnajmu.rtf ()
Startup: C:\Users\CCN-Krecek\soapui-settings.xml ()
Startup: C:\Users\CCN-Krecek\soapUI-Tutorials ()
Startup: C:\Users\CCN-Krecek\Soubory cookie ()
Startup: C:\Users\CCN-Krecek\Stephen Hawking Collection.zip ()
Startup: C:\Users\CCN-Krecek\SVATBA ()
Startup: C:\Users\CCN-Krecek\SVJ 001.jpg ()
Startup: C:\Users\CCN-Krecek\test-zimnich-pneumatik-2012.pdf ()
Startup: C:\Users\CCN-Krecek\The_New_Oxford_American_Dictionary.azw ()
Startup: C:\Users\CCN-Krecek\The_New_Oxford_American_Dictionary.mbp ()
Startup: C:\Users\CCN-Krecek\Thumbs.db ()
Startup: C:\Users\CCN-Krecek\tmp5F951.xlsx ()
Startup: C:\Users\CCN-Krecek\Videos ()
Startup: C:\Users\CCN-Krecek\Voucher_a_invia.png ()
Startup: C:\Users\CCN-Krecek\widgetkit – kopie.css ()
Startup: C:\Users\CCN-Krecek\xxx.txt ()
Startup: C:\Users\CCN-Krecek\xxxxxxxx.txt ()
Startup: C:\Users\CCN-Krecek\Zrcka.txt ()
Startup: C:\Users\CCN-Krecek\_php.txt ()
Startup: C:\Users\CCN-Krecek\ájendří.txt ()
Startup: C:\Users\CCN-Krecek\Šablony ()
Startup: C:\Users\Default\AppData ()
Startup: C:\Users\Default\Application Data ()
Startup: C:\Users\Default\Cookies ()
Startup: C:\Users\Default\Data aplikací ()
Startup: C:\Users\Default\Desktop ()
Startup: C:\Users\Default\Documents ()
Startup: C:\Users\Default\Dokumenty ()
Startup: C:\Users\Default\Downloads ()
Startup: C:\Users\Default\Favorites ()
Startup: C:\Users\Default\Links ()
Startup: C:\Users\Default\Local Settings ()
Startup: C:\Users\Default\Music ()
Startup: C:\Users\Default\My Documents ()
Startup: C:\Users\Default\Nabídka Start ()
Startup: C:\Users\Default\NetHood ()
Startup: C:\Users\Default\NTUSER.DAT ()
Startup: C:\Users\Default\NTUSER.DAT.LOG ()
Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Default\Okolní síť ()
Startup: C:\Users\Default\Okolní tiskárny ()
Startup: C:\Users\Default\Pictures ()
Startup: C:\Users\Default\Poslední ()
Startup: C:\Users\Default\PrintHood ()
Startup: C:\Users\Default\Recent ()
Startup: C:\Users\Default\Roaming ()
Startup: C:\Users\Default\Saved Games ()
Startup: C:\Users\Default\SendTo ()
Startup: C:\Users\Default\Soubory cookie ()
Startup: C:\Users\Default\Start Menu ()
Startup: C:\Users\Default\Templates ()
Startup: C:\Users\Default\Videos ()
Startup: C:\Users\Default\Šablony ()
Startup: C:\Users\LogMeInRemoteUser\AppData ()
Startup: C:\Users\LogMeInRemoteUser\Data aplikací ()
Startup: C:\Users\LogMeInRemoteUser\Desktop ()
Startup: C:\Users\LogMeInRemoteUser\Documents ()
Startup: C:\Users\LogMeInRemoteUser\Dokumenty ()
Startup: C:\Users\LogMeInRemoteUser\Downloads ()
Startup: C:\Users\LogMeInRemoteUser\Favorites ()
Startup: C:\Users\LogMeInRemoteUser\Links ()
Startup: C:\Users\LogMeInRemoteUser\Local Settings ()
Startup: C:\Users\LogMeInRemoteUser\Music ()
Startup: C:\Users\LogMeInRemoteUser\Nabídka Start ()
Startup: C:\Users\LogMeInRemoteUser\ntuser.dat ()
Startup: C:\Users\LogMeInRemoteUser\ntuser.dat.LOG1 ()
Startup: C:\Users\LogMeInRemoteUser\ntuser.dat.LOG2 ()
Startup: C:\Users\LogMeInRemoteUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
Startup: C:\Users\LogMeInRemoteUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\LogMeInRemoteUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\LogMeInRemoteUser\ntuser.ini ()
Startup: C:\Users\LogMeInRemoteUser\Okolní síť ()
Startup: C:\Users\LogMeInRemoteUser\Okolní tiskárny ()
Startup: C:\Users\LogMeInRemoteUser\Pictures ()
Startup: C:\Users\LogMeInRemoteUser\Poslední ()
Startup: C:\Users\LogMeInRemoteUser\Roaming ()
Startup: C:\Users\LogMeInRemoteUser\Saved Games ()
Startup: C:\Users\LogMeInRemoteUser\SendTo ()
Startup: C:\Users\LogMeInRemoteUser\Soubory cookie ()
Startup: C:\Users\LogMeInRemoteUser\Videos ()
Startup: C:\Users\LogMeInRemoteUser\Šablony ()
Startup: C:\Users\Public\CyberLink ()
Startup: C:\Users\Public\Desktop ()
Startup: C:\Users\Public\Documents ()
Startup: C:\Users\Public\Downloads ()
Startup: C:\Users\Public\Favorites ()
Startup: C:\Users\Public\Lenovo ()
Startup: C:\Users\Public\Libraries ()
Startup: C:\Users\Public\Music ()
Startup: C:\Users\Public\Pictures ()
Startup: C:\Users\Public\Recorded TV ()
Startup: C:\Users\Public\Roaming ()
Startup: C:\Users\Public\Videos ()
Startup: C:\Users\Zachrana\AppData ()
Startup: C:\Users\Zachrana\Contacts ()
Startup: C:\Users\Zachrana\Data aplikací ()
Startup: C:\Users\Zachrana\Desktop ()
Startup: C:\Users\Zachrana\Documents ()
Startup: C:\Users\Zachrana\Dokumenty ()
Startup: C:\Users\Zachrana\Downloads ()
Startup: C:\Users\Zachrana\Favorites ()
Startup: C:\Users\Zachrana\Links ()
Startup: C:\Users\Zachrana\Local Settings ()
Startup: C:\Users\Zachrana\Music ()
Startup: C:\Users\Zachrana\Nabídka Start ()
Startup: C:\Users\Zachrana\NTUSER.DAT ()
Startup: C:\Users\Zachrana\ntuser.dat.LOG1 ()
Startup: C:\Users\Zachrana\ntuser.dat.LOG2 ()
Startup: C:\Users\Zachrana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
Startup: C:\Users\Zachrana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Zachrana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Zachrana\ntuser.ini ()
Startup: C:\Users\Zachrana\Okolní síť ()
Startup: C:\Users\Zachrana\Okolní tiskárny ()
Startup: C:\Users\Zachrana\Pictures ()
Startup: C:\Users\Zachrana\Poslední ()
Startup: C:\Users\Zachrana\Roaming ()
Startup: C:\Users\Zachrana\Saved Games ()
Startup: C:\Users\Zachrana\Searches ()
Startup: C:\Users\Zachrana\SendTo ()
Startup: C:\Users\Zachrana\Soubory cookie ()
Startup: C:\Users\Zachrana\Videos ()
Startup: C:\Users\Zachrana\Šablony ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: fw.blanik.szif.cz:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Len ... etect2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1972DE22-7954-4DF3-97CE-052FE47E0183}: [NameServer]160.218.167.5 160.218.161.60
Tcpip\..\Interfaces\{E2A26D36-5DA0-41F0-A8B3-7DAAE7FC72EA}: [NameServer]10.0.0.37,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\CCN-Krecek\AppData\Roaming\Mozilla\Firefox\Profiles\vwnjvxj0.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\CCN-Krecek\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\CCN-Krecek\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\CCN-Krecek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Cooliris - C:\Users\CCN-Krecek\AppData\Roaming\Mozilla\Firefox\Profiles\vwnjvxj0.default\Extensions\piclens@cooliris.com
FF Extension: Page Speed - C:\Users\CCN-Krecek\AppData\Roaming\Mozilla\Firefox\Profiles\vwnjvxj0.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF Extension: extension - C:\Users\CCN-Krecek\AppData\Roaming\Mozilla\Firefox\Profiles\vwnjvxj0.default\Extensions\extension@hidemyass.com.xpi
FF Extension: firebug - C:\Users\CCN-Krecek\AppData\Roaming\Mozilla\Firefox\Profiles\vwnjvxj0.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: useragentrg - C:\Users\CCN-Krecek\AppData\Roaming\Mozilla\Firefox\Profiles\vwnjvxj0.default\Extensions\useragentrg@mozilla.org.xpi
FF Extension: No Name - C:\Users\CCN-Krecek\AppData\Roaming\Mozilla\Firefox\Profiles\vwnjvxj0.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\CCN-Krecek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\CCN-Krecek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (myPlex Queue Extension) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil\1.2_0
CHR Extension: (Easy proxies) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aofelkajjcfifbefkcankkpkjlkapopf\1.0.0_0
CHR Extension: (Google Drive) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Webpage Screenshot Capture) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.1_0
CHR Extension: (Google Calendar) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (Plex) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm\1.2.14_0
CHR Extension: (Google Keep) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\0.1.13364.902_0
CHR Extension: (Skype Click to Call) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Google Maps) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (Quick Note) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (SEO for Chrome) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0
CHR Extension: (Outlook.com) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0
CHR Extension: (Gmail) - C:\Users\CCN-KR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-03-18] (Lenovo.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [35720 2012-07-04] (ESET)
S2 eins3156; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe [999704 2012-07-04] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [190208 2012-07-04] (ESET)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [186488 2013-07-16] (SAP AG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-07-01] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [443240 2012-05-27] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [594984 2011-04-07] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-07-11] (Connectify)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-07-10] (ESET)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [194848 2012-03-29] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2012-03-29] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63008 2012-03-29] (ESET)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-02-28] (Ericsson AB)
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-13] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-13] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-13] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-13] (MCCI Corporation)
S3 NSNDIS5; C:\Windows\SysWow64\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2012-05-11] (Scott)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [25088 2010-05-07] (Windows (R) Win 7 DDK provider)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [286248 2011-04-06] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [179920 2012-07-10] (ESET)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath
S0 neavpcbr; system32\drivers\jtfyql.sys [x]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [x]
S3 slicedisk.sys; \??\C:\Windows\system32\slicedisk.sys [x]
S2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 19:42 - 2013-09-12 19:42 - 00000000 ____D C:\FRST
2013-09-12 19:41 - 2013-09-12 19:41 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Local\qb01DA66.26
2013-09-12 19:41 - 2013-09-11 22:34 - 01949642 _____ (Farbar) C:\Users\CCN-Krecek\Desktop\FRST64.exe
2013-09-12 14:09 - 2013-06-06 08:24 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2013-09-12 13:58 - 2013-09-12 13:58 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\ware
2013-09-12 12:34 - 2013-09-12 12:34 - 00001654 _____ C:\Users\CCN-Krecek\Desktop\obsah_stranky.zip
2013-09-12 12:28 - 2013-09-12 12:28 - 00003366 _____ C:\Users\CCN-Krecek\Desktop\obsah_stranky.xxx
2013-09-12 12:03 - 2013-09-12 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-12 12:03 - 2013-09-12 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-12 12:00 - 2013-09-12 12:00 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\xtest
2013-09-12 11:47 - 2013-09-12 11:50 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\hm
2013-09-12 11:41 - 2013-09-12 19:39 - 00000224 _____ C:\Windows\setupact.log
2013-09-12 11:39 - 2013-09-12 11:40 - 00000000 ____D C:\AdwCleaner
2013-09-12 11:19 - 2013-09-12 11:19 - 00000000 ____D C:\Users\CCN-Krecek\Documents\ProcAlyzer Dumps
2013-09-12 06:04 - 2013-09-12 19:40 - 00004258 _____ C:\Windows\WindowsUpdate.log
2013-09-12 06:01 - 2013-09-12 06:01 - 00000000 _____ C:\Windows\setuperr.log
2013-09-11 21:49 - 2013-09-11 21:49 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\CCN-Krecek\Downloads\tdsskiller.exe
2013-09-11 21:40 - 2013-09-11 21:43 - 00017360 _____ C:\Users\CCN-Krecek\Documents\hijackthis.log
2013-09-11 15:31 - 2013-09-11 15:31 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2013-09-11 15:31 - 2013-09-11 15:31 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-09-11 12:33 - 2013-09-11 12:33 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\KUPONS
2013-09-06 07:51 - 2013-09-09 13:29 - 00104818 _____ C:\Users\CCN-Krecek\Desktop\Kable.xlsx
2013-09-04 12:54 - 2013-09-04 12:54 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enterprise Services Repository
2013-09-03 20:03 - 2013-09-04 22:39 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\BRTOŠ
2013-09-03 10:49 - 2013-09-03 20:51 - 00000345 _____ C:\Users\CCN-Krecek\Desktop\20130902 - web lucie.txt
2013-09-02 13:08 - 2013-09-02 13:08 - 00000369 _____ C:\Users\CCN-Krecek\Downloads\max_cpc_polozky.csv
2013-09-01 18:38 - 2013-09-01 18:41 - 1741031062 _____ C:\Users\CCN-Krecek\images.zip
2013-09-01 14:35 - 2013-09-01 14:38 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\volvik
2013-08-28 16:51 - 2013-08-28 16:51 - 00002513 _____ C:\Users\CCN-Krecek\Desktop\_div class=_content clearfix_.txt
2013-08-25 14:13 - 2013-08-25 14:13 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\C4B
2013-08-21 12:21 - 2013-08-21 12:21 - 12542358 _____ C:\Users\CCN-Krecek\Desktop\xx.XML
2013-08-19 16:43 - 2013-08-19 21:11 - 00000000 ____D C:\Users\CCN-Krecek\images
2013-08-17 17:19 - 2013-08-18 08:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 11:50 - 2013-07-19 12:01 - 05313536 _____ (SAP AG) C:\Windows\SysWOW64\librfc32u.dll
2013-08-15 11:48 - 2012-06-20 10:27 - 08847360 _____ (IBM Corporation and others) C:\Windows\SysWOW64\icudt34.dll
2013-08-15 11:48 - 2012-06-20 10:27 - 00946176 _____ (IBM Corporation and others) C:\Windows\SysWOW64\icuuc34.dll
2013-08-15 11:48 - 2012-06-20 10:27 - 00843776 _____ (IBM Corporation and others) C:\Windows\SysWOW64\icuin34.dll
2013-08-15 11:48 - 2011-11-23 03:19 - 00001818 _____ C:\Windows\SysWOW64\icu_license.txt
2013-08-15 11:47 - 2013-07-19 13:41 - 01722432 _____ (SAP, Walldorf) C:\Windows\SysWOW64\SAPbtmp.dll
2013-08-15 11:47 - 2013-07-19 12:01 - 04394496 _____ (SAP AG) C:\Windows\SysWOW64\librfc32.dll
2013-08-15 11:47 - 2011-11-23 03:23 - 01064960 _____ C:\Windows\SysWOW64\h5krnl32.dll
2013-08-15 11:47 - 2011-11-23 03:23 - 00188928 _____ C:\Windows\SysWOW64\h5icon32.dll
2013-08-15 11:47 - 2011-11-23 03:23 - 00175616 _____ C:\Windows\SysWOW64\h5menu32.dll
2013-08-15 11:47 - 2011-11-23 03:23 - 00114688 _____ (heilerSoftware) C:\Windows\SysWOW64\h5dlg32.dll
2013-08-15 11:47 - 2011-11-23 03:23 - 00095744 _____ C:\Windows\SysWOW64\h5rtf32.dll
2013-08-15 11:47 - 2011-11-23 03:23 - 00051200 _____ C:\Windows\SysWOW64\h5tool32.dll
2013-08-15 11:47 - 1995-05-19 08:15 - 00133904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcans32.dll
2013-08-13 13:04 - 2013-08-13 15:50 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\Pellets

==================== One Month Modified Files and Folders =======

2013-09-12 19:42 - 2013-09-12 19:42 - 00000000 ____D C:\FRST
2013-09-12 19:42 - 2011-09-09 11:35 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Skype
2013-09-12 19:41 - 2013-09-12 19:41 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Local\qb01DA66.26
2013-09-12 19:40 - 2013-09-12 06:04 - 00004258 _____ C:\Windows\WindowsUpdate.log
2013-09-12 19:40 - 2012-10-29 22:37 - 00000000 ___RD C:\Users\CCN-Krecek\SkyDrive
2013-09-12 19:39 - 2013-09-12 11:41 - 00000224 _____ C:\Windows\setupact.log
2013-09-12 19:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 15:38 - 2011-09-08 23:57 - 00000000 ____D C:\Users\CCN-Krecek\Documents\Soubory aplikace Outlook
2013-09-12 15:09 - 2012-04-04 18:33 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 13:58 - 2013-09-12 13:58 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\ware
2013-09-12 13:17 - 2009-07-14 06:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 13:17 - 2009-07-14 06:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 13:15 - 2011-04-12 10:34 - 00670928 _____ C:\Windows\system32\perfh005.dat
2013-09-12 13:15 - 2011-04-12 10:34 - 00142010 _____ C:\Windows\system32\perfc005.dat
2013-09-12 13:15 - 2009-07-14 07:13 - 01588714 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 13:12 - 2013-02-09 20:02 - 00000000 ____D C:\Program Files (x86)\trend micro
2013-09-12 13:00 - 2012-12-03 08:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-12 12:34 - 2013-09-12 12:34 - 00001654 _____ C:\Users\CCN-Krecek\Desktop\obsah_stranky.zip
2013-09-12 12:28 - 2013-09-12 12:28 - 00003366 _____ C:\Users\CCN-Krecek\Desktop\obsah_stranky.xxx
2013-09-12 12:16 - 2013-01-21 10:42 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\IN PROGRESS
2013-09-12 12:16 - 2012-05-29 09:52 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\CACHE
2013-09-12 12:13 - 2013-09-12 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-12 12:10 - 2011-12-29 12:23 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\uTorrent
2013-09-12 12:10 - 2011-12-27 12:37 - 00000000 ____D C:\Program Files (x86)\ABC Amber Palm Converter
2013-09-12 12:08 - 2011-09-09 11:14 - 00000000 ___RD C:\Users\CCN-Krecek\Desktop\Programy
2013-09-12 12:03 - 2013-09-12 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-12 12:00 - 2013-09-12 12:00 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\xtest
2013-09-12 11:50 - 2013-09-12 11:47 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\hm
2013-09-12 11:49 - 2013-02-09 20:02 - 00000000 ____D C:\Program Files\trend micro
2013-09-12 11:40 - 2013-09-12 11:39 - 00000000 ____D C:\AdwCleaner
2013-09-12 11:19 - 2013-09-12 11:19 - 00000000 ____D C:\Users\CCN-Krecek\Documents\ProcAlyzer Dumps
2013-09-12 11:18 - 2012-11-07 22:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-12 11:16 - 2012-01-06 10:21 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-12 06:11 - 2011-09-08 23:50 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Local\Adobe
2013-09-12 06:01 - 2013-09-12 06:01 - 00000000 _____ C:\Windows\setuperr.log
2013-09-11 22:34 - 2013-09-12 19:41 - 01949642 _____ (Farbar) C:\Users\CCN-Krecek\Desktop\FRST64.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\CCN-Krecek\Downloads\tdsskiller.exe
2013-09-11 21:43 - 2013-09-11 21:40 - 00017360 _____ C:\Users\CCN-Krecek\Documents\hijackthis.log
2013-09-11 21:14 - 2011-09-09 13:08 - 00002010 ____H C:\Users\CCN-Krecek\Documents\Default.rdp
2013-09-11 20:01 - 2011-09-08 22:40 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Adobe
2013-09-11 15:32 - 2011-09-12 13:54 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Media Player Classic
2013-09-11 15:31 - 2013-09-11 15:31 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2013-09-11 15:31 - 2013-09-11 15:31 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-09-11 14:57 - 2011-11-13 22:36 - 00352768 ___SH C:\Users\CCN-Krecek\Thumbs.db
2013-09-11 14:44 - 2011-10-27 08:32 - 00000000 ____D C:\Windows\Minidump
2013-09-11 13:51 - 2013-03-31 09:30 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\soutěže
2013-09-11 12:33 - 2013-09-11 12:33 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2013-09-11 12:33 - 2011-09-09 00:01 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-11 10:09 - 2012-04-04 18:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 10:09 - 2012-04-04 18:33 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 10:09 - 2011-09-08 22:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\KUPONS
2013-09-10 08:32 - 2011-09-06 21:28 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\ZÁPISY
2013-09-09 13:29 - 2013-09-06 07:51 - 00104818 _____ C:\Users\CCN-Krecek\Desktop\Kable.xlsx
2013-09-08 21:51 - 2013-07-06 13:03 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\VINN
2013-09-08 09:03 - 2011-09-23 09:27 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\Input
2013-09-08 08:45 - 2011-09-09 13:13 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\FileZilla
2013-09-08 08:33 - 2011-09-23 09:27 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\Output
2013-09-07 21:44 - 2013-08-11 20:31 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\alrc
2013-09-06 09:06 - 2012-04-09 09:13 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\MELOUCHY
2013-09-06 06:04 - 2009-07-14 06:45 - 04982880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-05 18:08 - 2011-09-08 22:41 - 00087936 _____ C:\Users\CCN-Krecek\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-04 22:39 - 2013-09-03 20:03 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\BRTOŠ
2013-09-04 15:09 - 2011-09-09 04:16 - 00000000 ____D C:\Users\CCN-Krecek
2013-09-04 12:54 - 2013-09-04 12:54 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enterprise Services Repository
2013-09-04 09:53 - 2013-05-04 09:08 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2013-09-04 09:53 - 2011-09-09 04:44 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-09-03 21:15 - 2013-01-06 21:20 - 00000132 _____ C:\Users\CCN-Krecek\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2013-09-03 20:51 - 2013-09-03 10:49 - 00000345 _____ C:\Users\CCN-Krecek\Desktop\20130902 - web lucie.txt
2013-09-03 10:21 - 2012-02-09 10:07 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Local\Plex
2013-09-02 13:08 - 2013-09-02 13:08 - 00000369 _____ C:\Users\CCN-Krecek\Downloads\max_cpc_polozky.csv
2013-09-02 09:16 - 2013-06-12 13:03 - 00224411 _____ C:\Users\CCN-Krecek\Desktop\ROZHRANI_XI_PZ.xlsx
2013-09-01 18:41 - 2013-09-01 18:38 - 1741031062 _____ C:\Users\CCN-Krecek\images.zip
2013-09-01 14:38 - 2013-09-01 14:35 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\volvik
2013-08-31 13:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-28 16:51 - 2013-08-28 16:51 - 00002513 _____ C:\Users\CCN-Krecek\Desktop\_div class=_content clearfix_.txt
2013-08-26 13:28 - 2011-11-10 15:24 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\com.oxygenxml
2013-08-25 14:13 - 2013-08-25 14:13 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\C4B
2013-08-25 13:56 - 2013-02-20 10:52 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\WORDY
2013-08-25 13:55 - 2013-07-26 14:06 - 00000104 _____ C:\Users\CCN-Krecek\Desktop\Poznámky.txt
2013-08-21 12:21 - 2013-08-21 12:21 - 12542358 _____ C:\Users\CCN-Krecek\Desktop\xx.XML
2013-08-19 21:11 - 2013-08-19 16:43 - 00000000 ____D C:\Users\CCN-Krecek\images
2013-08-19 05:58 - 2012-05-04 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 08:34 - 2013-08-17 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 08:13 - 2013-02-03 09:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-16 06:56 - 2013-02-01 11:51 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\Faktury
2013-08-15 11:50 - 2011-09-09 11:56 - 00005908 _____ C:\Windows\saplogon.ini
2013-08-15 11:50 - 2011-09-09 00:38 - 00000000 ____D C:\Users\CCN-Krecek\Documents\SAP
2013-08-15 11:50 - 2011-09-09 00:38 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Local\SAP
2013-08-15 11:49 - 2011-09-09 00:38 - 00000000 ____D C:\Program Files (x86)\SAP
2013-08-15 11:46 - 2013-05-29 15:16 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Local\CrashDumps
2013-08-15 09:52 - 2011-09-09 00:46 - 00000000 ____D C:\Users\CCN-Krecek\AppData\Roaming\SAP
2013-08-15 08:47 - 2011-09-09 11:59 - 00000901 _____ C:\Windows\SapLogonTree.xml
2013-08-13 15:50 - 2013-08-13 13:04 - 00000000 ____D C:\Users\CCN-Krecek\Desktop\Pellets

Files to move or delete:
====================
C:\Users\CCN-KR~1\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== Alternate Data Streams (whitelisted) ====

AlternateDataStreams: C:\ProgramData\TEMP:A303874F

==================== Loaded Modules (whitelisted) ============

2013-08-14 20:44 - 2013-08-14 20:44 - 00261744 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00661448 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\MSVCP110.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00828872 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\MSVCR110.dll
2013-05-04 09:40 - 2013-03-18 06:53 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-03-29 19:16 - 2011-03-29 19:16 - 00021864 _____ (Lenovo.) C:\Windows\system32\Sensor64.dll
2011-09-12 18:28 - 2011-09-12 18:29 - 00087456 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-09-09 12:04 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-04-23 00:13 - 2011-07-15 16:42 - 00412456 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-10-30 09:53 - 2011-07-15 16:42 - 00226600 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2011-09-08 22:58 - 2011-07-15 16:42 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-03-29 19:16 - 2011-03-29 19:16 - 00021864 _____ (Lenovo.) C:\Windows\System32\Sensor64.dll
2011-03-07 04:07 - 2011-03-07 04:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-04 11:18 - 2012-07-04 11:18 - 00284456 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiHips.dll
2012-07-04 11:18 - 2012-07-04 11:18 - 00586752 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiScan.dll
2012-07-04 11:17 - 2012-07-04 11:17 - 00367344 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiAmon.dll
2012-07-04 11:17 - 2012-07-04 11:17 - 00126360 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiEmon.dll
2012-07-04 11:17 - 2012-07-04 11:17 - 00121704 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiDmon.dll
2012-07-04 11:17 - 2012-07-04 11:17 - 01663096 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiEpfw.dll
2012-07-04 11:18 - 2012-07-04 11:18 - 00230872 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiSmon.dll
2012-07-04 11:18 - 2012-07-04 11:18 - 00640800 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiUpdate.dll
2012-07-04 11:18 - 2012-07-04 11:18 - 00112952 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiMailPlugins.dll
2012-07-04 11:17 - 2012-07-04 11:17 - 00454400 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiParental.dll
2012-07-04 11:17 - 2012-07-04 11:17 - 00402400 _____ (ESET) C:\Program Files\ESET\ESET Endpoint Security\eguiDevmon.dll
2011-10-30 09:53 - 2011-06-29 19:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-10-30 09:53 - 2011-06-29 19:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 01221744 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveClient.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00534480 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\MSVCP110.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00862664 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\MSVCR110.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 02232944 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SyncEngine.DLL
2013-08-14 20:44 - 2013-08-14 20:44 - 01811056 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveSessions.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00501872 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\WnsClientApi.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00039536 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\logging.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00543856 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\Telemetry.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00773744 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\RemoteAccess.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00196416 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\sqmapi.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 02414704 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDrive.Resources.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00659568 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\VideoStreamingPlugin.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-08-14 20:44 - 2013-08-14 20:44 - 00222832 _____ (Microsoft Corporation) C:\Users\CCN-Krecek\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
2013-08-17 17:19 - 2013-08-17 17:20 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Scheduled Tasks (whitelisted) ===========

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Supplementary Scan (All) ================


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"DisableCAD"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"MSVideo8"="VfWWDM32.dll"
"VIDC.FFDS"="ff_vfw.dll"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux1"="wdmaud.drv"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"


==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:111.69 GB) (Free:21.18 GB) NTFS
Drive d: (Datový disk) (Fixed) (Total:465.76 GB) (Free:77.43 GB) NTFS

Available physical RAM: 5915.59 MB
Total physical RAM: 8079.23 MB
Percentage of memory in use: 26%

==================== MBR and Partition Table =================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A4C0DB68)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 89617A38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

LastRegBack: 2013-09-11 07:46

==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with detecting an infection

#4 Post by Rudy »

Is this PC a company machine, or does it belong to some organization?
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

TemnyProrok
Visitor
Posts: 5
Registered: 09 Feb 2013 18:55

Re: Please help with detecting an infection

#5 Post by TemnyProrok »

A company laptop that has been bought out.

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with detecting an infection

#6 Post by Rudy »

OK. Open Notepad and copy the following into it:
Start
HKCU\...\Run: [AdobeBridge] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
CHR Plugin: (Skype Toolbars) - C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

TemnyProrok
Visitor
Posts: 5
Registered: 09 Feb 2013 18:55

Re: Please help with detecting an infection

#7 Post by TemnyProrok »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013 02
Ran by CCN-Krecek at 2013-09-12 21:11:46 Run:1
Running from C:\Users\CCN-Krecek\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [AdobeBridge] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
CHR Plugin: (Skype Toolbars) - C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCR\PROTOCOLS\Handler\saphtmlp => Key deleted successfully.
HKCR\CLSID\{D1F8BD1E-7967-11D2-B43A-006094B9EADB} => Key not found.
HKCR\PROTOCOLS\Handler\sapr3 => Key deleted successfully.
HKCR\CLSID\{D1F8BD1E-7967-11D2-B43A-006094B9EADB} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.
C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll not found.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.

==== End of Fixlog ====
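
Added example (not part of the original thread and not FRST's own code): a Python parser that tallies the result lines of a Fixlog like the one above, separating entries that were removed, entries that were already absent, and anything that needs a manual look. The line formats are inferred only from the log in this thread; the function names and status labels are assumptions.

```python
import re
from collections import Counter

RESULT = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")
MISSING = re.compile(r"^(?P<target>.+?) not found\.$")

# Constructed sample: lines copied from the Fixlog in post #7 (shortened).
SAMPLE = r"""Content of fixlist:
*****************
Start
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCR\PROTOCOLS\Handler\saphtmlp => Key deleted successfully.
HKCR\CLSID\{D1F8BD1E-7967-11D2-B43A-006094B9EADB} => Key not found.
C:\Users\CCN-Krecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll not found.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.

==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Return (target, status) for every result line; skip the fixlist echo."""
    rows, stars = [], 0
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:
            stars += 1          # a row of asterisks opens/closes the echoed fixlist
        elif stars == 1 or not line or line.startswith("===="):
            continue            # echoed fixlist, blank line or section marker
        elif (m := RESULT.match(line)):
            res = m["result"]
            status = ("removed" if "successfully" in res
                      else "absent" if "not found" in res else "review")
            rows.append((m["target"], status))
        elif (m := MISSING.match(line)):
            rows.append((m["target"], "absent"))
    return rows

def summarize(text):
    """Count outcomes and list the targets that need a manual look."""
    rows = parse_fixlog(text)
    return Counter(s for _, s in rows), [t for t, s in rows if s == "review"]

if __name__ == "__main__":
    counts, review = summarize(SAMPLE)
    print(dict(counts), review)
```
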

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with detecting an infection

#8 Post by Rudy »

OK. Deleted. Has anything changed?

TemnyProrok
Visitor
Posts: 5
Registered: 09 Feb 2013 18:55

Re: Please help with detecting an infection

#9 Post by TemnyProrok »

Nothing has changed. But I tried connecting to the same system from my work computer and it behaved in exactly the same way. That computer is definitely clean, so I suspect that something is wrong with the target system. The same behaviour was subsequently confirmed on a colleague's machine, so I have handed the problem over to the technical department.

Thank you for the help all the same.

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with detecting an infection

#10 Post by Rudy »

OK. You're welcome! :)

Locked