Trojan Dropper

Zpráva

Paint2 · #1 Příspěvek od **Paint2** » 28 bře 2014 15:21

Zdravím, píšu zde poprvé tak promiňte, že s tu moc neorientuji.

Před 2 týdny se mi v notebooku objevil vir Trojan Dropper, který mi shazuje programy z full screenu. Už jsem ho 2x odstranil pomocí antiviru, ale objevuje se mi zde každý pátek a už nevím, co s tím.

Předem děkuji za odpověď.

#2 Příspěvek od **Rudy** » 28 bře 2014 16:22

Zdravím!
Zkuste tento postup: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Paint2 · #3 Příspěvek od **Paint2** » 28 bře 2014 16:32

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tomáš (administrator) on TOMAS-PC on 28-03-2014 15:12:01
Running from C:\Users\Tomáš\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkads.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lktsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(National Instruments, Inc.) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\syswow64\MsiExec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [266496 2011-06-17] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2594327001-1102094556-2147035336-1000\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-2594327001-1102094556-2147035336-1000\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\...\Run: [Google Update] - C:\Users\Tomáš\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-14] (Google Inc.)
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-03-08] (NEXON Inc.)
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2551656 2012-01-31] (Hewlett-Packard Co.)
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2012-12-18] ()
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => C:\ProgramData\Wincert\win32cert.dll [7168 2012-12-18] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203072 2011-10-16] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.122.1:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKCU - 0FA8977B6EA44364BDCEB65687141F86 URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... D53DC56E28
SearchScopes: HKCU - {EC6799E0-254E-41F5-A009-7F601080A877} URL = http://websearch.ask.com/redirect?clien ... DD1D72457D
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Media Watch - {10c9551b-170d-43aa-bba5-4f1edbe54f36} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home782\ie\MediaWatchV1home782.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\25vdod95.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tomáš\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tomáš\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha285.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ff [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha6416.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ff [2014-01-09]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta660.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta660\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta660\ff [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha950.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha950\ff
FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha950\ff [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha507.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha507\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha507\ff [2014-02-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3678.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3678\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3678\ff [2014-02-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha7662.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7662\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7662\ff [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home782.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home782\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home782\ff [2014-03-22]

Chrome:
=======
CHR HomePage: hxxp://sk.twitch.tv/riotgames
CHR Plugin: (Shockwave Flash) - C:\Users\TomÃÂÃÂ¡ÃÂÃÂ¡\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows LiveÃÂÃÂ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\TomÃÂÃÂ¡ÃÂÃÂ¡\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (PenÃÂÃÂÃÂÃÂ¾enka Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Media Hint) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbogbchcdigifagelnlmhlenmofdgbao [2013-05-03]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Tomáš\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [aokajfbiecoocfkmphfmchmknpfglflm] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7662\ch\MediaViewV1alpha7662.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Tomáš\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [fifojoglloippfpjioancpinliefbpnc] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha507\ch\MediaViewerV1alpha507.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [fpjidekkfjpolnaepdimdnfopkcfndlf] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ch\WebexpEnhancedV1alpha285.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [jhmldiekoecphipogilfpoheneihhnkf] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home782\ch\MediaWatchV1home782.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [ochojhaacpkllcfoakiaioklfjgmobpe] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3678\ch\MediaViewV1alpha3678.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [oejjbmgafckaophpmaojejnckjeoghfk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta660\ch\VideoPlayerV3beta660.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [ofnmofmfcjickilbjhkeapmdiehnjgnn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ch\WebexpEnhancedV1alpha6416.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-03-20]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2007-01-22] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [56096 2007-02-14] (National Instruments, Inc.)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [64288 2007-02-14] (National Instruments, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [207648 2007-02-14] (National Instruments, Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-07] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-28 15:12 - 2014-03-28 15:12 - 00022628 _____ () C:\Users\Tomáš\Desktop\FRST.txt
2014-03-28 15:08 - 2014-03-28 15:08 - 00021536 _____ () C:\Users\Tomáš\Downloads\FRST.txt
2014-03-28 15:07 - 2014-03-28 15:07 - 00029696 _____ () C:\Users\Tomáš\AppData\Local\MSGBOX.EXE
2014-03-28 15:07 - 2014-03-28 15:07 - 00015327 _____ () C:\Users\Tomáš\Desktop\LM.bat
2014-03-28 15:06 - 2014-03-28 15:08 - 00000000 ____D () C:\FRST
2014-03-28 15:06 - 2014-03-28 15:07 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Desktop\FRSTLauncher.exe
2014-03-28 15:05 - 2014-03-28 15:06 - 02157056 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST64.exe
2014-03-23 13:04 - 2014-03-23 13:04 - 00000222 _____ () C:\Users\Tomáš\Desktop\PAYDAY 2.url
2014-03-22 20:23 - 2014-03-22 20:23 - 00000000 ____D () C:\Program Files (x86)\MediaWatchV1
2014-03-22 10:01 - 2014-03-28 13:32 - 00000392 _____ () C:\Windows\setupact.log
2014-03-22 10:01 - 2014-03-22 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 21:12 - 2014-03-17 21:12 - 00000017 _____ () C:\Users\Tomáš\Desktop\LOL Undefined - BUG.txt
2014-03-13 21:21 - 2014-03-13 21:21 - 00000000 ____D () C:\Users\Tomáš\Documents\záloha
2014-03-13 13:44 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 13:44 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:44 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 13:44 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:44 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:44 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:44 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:44 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 13:44 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 13:44 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 13:44 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 13:43 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:43 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:43 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:43 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 13:43 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:43 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:43 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 13:43 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 13:43 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 13:43 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 13:43 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:43 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 13:43 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:43 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:43 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:43 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:43 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:43 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:43 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:43 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 13:43 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 13:43 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 13:43 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 13:43 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:43 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:43 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:43 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:43 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 13:43 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:43 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:43 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:43 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 13:43 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 13:43 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 13:43 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 13:43 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 13:43 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-08 11:06 - 2014-03-08 11:06 - 00000010 _____ () C:\Users\Tomáš\Desktop\CA - pw.txt
2014-03-06 15:40 - 2014-03-06 15:40 - 00000000 ____D () C:\Program Files\DIFX
2014-03-06 15:01 - 2014-03-06 15:01 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\2K Games
2014-03-06 14:44 - 2014-03-16 14:10 - 00000000 ____D () C:\Users\Tomáš\Documents\Arduino
2014-03-06 14:44 - 2014-03-06 14:44 - 00000000 ____D () C:\Users\Tomáš\AppData\Roaming\Arduino
2014-03-06 14:43 - 2014-03-06 14:44 - 00000000 ____D () C:\Users\Tomáš\Desktop\Arduino
2014-02-27 20:23 - 2014-03-15 20:23 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-27 14:09 - 2014-02-27 14:09 - 00002731 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-27 14:09 - 2014-02-27 14:09 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\Skype

==================== One Month Modified Files and Folders =======

2014-03-28 15:12 - 2014-03-28 15:12 - 00022628 _____ () C:\Users\Tomáš\Desktop\FRST.txt
2014-03-28 15:12 - 2012-08-13 16:09 - 00000000 ____D () C:\Users\Tomáš\AppData\Roaming\Skype
2014-03-28 15:12 - 2011-10-18 09:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-28 15:08 - 2014-03-28 15:08 - 00021536 _____ () C:\Users\Tomáš\Downloads\FRST.txt
2014-03-28 15:08 - 2014-03-28 15:06 - 00000000 ____D () C:\FRST
2014-03-28 15:07 - 2014-03-28 15:07 - 00029696 _____ () C:\Users\Tomáš\AppData\Local\MSGBOX.EXE
2014-03-28 15:07 - 2014-03-28 15:07 - 00015327 _____ () C:\Users\Tomáš\Desktop\LM.bat
2014-03-28 15:07 - 2014-03-28 15:06 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Desktop\FRSTLauncher.exe
2014-03-28 15:06 - 2014-03-28 15:05 - 02157056 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST64.exe
2014-03-28 14:32 - 2013-04-11 14:54 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 14:21 - 2012-08-22 18:50 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\PMB Files
2014-03-28 14:21 - 2012-08-22 18:50 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-28 14:16 - 2012-08-14 19:11 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001UA.job
2014-03-28 14:16 - 2012-08-14 19:11 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001Core.job
2014-03-28 13:40 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 13:40 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 13:39 - 2012-02-18 05:22 - 01844832 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 13:34 - 2013-06-25 16:45 - 00000356 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-28 13:32 - 2014-03-22 10:01 - 00000392 _____ () C:\Windows\setupact.log
2014-03-28 13:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 18:26 - 2013-12-19 19:44 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\Battle.net
2014-03-24 20:23 - 2012-11-03 16:06 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-03-23 17:06 - 2013-12-25 20:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-23 13:04 - 2014-03-23 13:04 - 00000222 _____ () C:\Users\Tomáš\Desktop\PAYDAY 2.url
2014-03-22 20:24 - 2014-01-29 15:23 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-03-22 20:23 - 2014-03-22 20:23 - 00000000 ____D () C:\Program Files (x86)\MediaWatchV1
2014-03-22 10:01 - 2014-03-22 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 23:21 - 2013-12-19 19:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-21 23:20 - 2013-12-19 19:52 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-21 14:12 - 2014-02-08 00:07 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\Razer
2014-03-21 14:12 - 2014-02-08 00:07 - 00000000 ____D () C:\ProgramData\Razer
2014-03-21 14:12 - 2014-02-08 00:07 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-03-21 13:55 - 2013-04-07 16:22 - 00000000 ____D () C:\Users\Tomáš\Desktop\Songs
2014-03-20 22:04 - 2012-12-09 17:26 - 00000000 ____D () C:\Program Files (x86)\QuadCoreM2
2014-03-19 07:32 - 2012-11-03 15:50 - 00000000 ____D () C:\Users\Tomáš\AppData\Roaming\uTorrent
2014-03-17 21:12 - 2014-03-17 21:12 - 00000017 _____ () C:\Users\Tomáš\Desktop\LOL Undefined - BUG.txt
2014-03-17 19:05 - 2012-02-18 06:10 - 00669132 _____ () C:\Windows\system32\perfh005.dat
2014-03-17 19:05 - 2012-02-18 06:10 - 00141760 _____ () C:\Windows\system32\perfc005.dat
2014-03-17 19:05 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 14:12 - 2012-10-28 11:03 - 00446464 ___SH () C:\Users\Tomáš\Documents\Thumbs.db
2014-03-16 14:10 - 2014-03-06 14:44 - 00000000 ____D () C:\Users\Tomáš\Documents\Arduino
2014-03-16 14:10 - 2013-09-20 09:27 - 00000000 ____D () C:\Users\Tomáš\Documents\Films
2014-03-16 14:10 - 2013-03-22 11:54 - 00000000 ____D () C:\Users\Tomáš\Documents\My Games
2014-03-15 20:27 - 2012-08-14 19:13 - 00002372 _____ () C:\Users\Tomáš\Desktop\Google Chrome.lnk
2014-03-15 20:23 - 2014-02-27 20:23 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-14 17:33 - 2013-03-08 19:02 - 00000000 ____D () C:\Users\Tomáš\AppData\Roaming\TS3Client
2014-03-14 14:20 - 2013-08-15 00:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-14 14:15 - 2012-09-25 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 14:15 - 2012-09-10 14:06 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-14 03:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-14 03:28 - 2009-07-14 05:45 - 00435216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 03:27 - 2013-03-14 11:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 03:27 - 2013-03-14 11:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:21 - 2014-03-13 21:21 - 00000000 ____D () C:\Users\Tomáš\Documents\záloha
2014-03-13 21:20 - 2013-05-06 14:23 - 00000000 ____D () C:\Users\Tomáš\AppData\Roaming\DAEMON Tools Lite
2014-03-13 21:19 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2014-03-11 21:32 - 2013-04-11 14:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:32 - 2013-04-11 14:54 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 21:32 - 2011-10-18 09:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 11:06 - 2014-03-08 11:06 - 00000010 _____ () C:\Users\Tomáš\Desktop\CA - pw.txt
2014-03-06 15:52 - 2013-09-20 09:32 - 00000000 ____D () C:\Users\Tomáš\Documents\Screen
2014-03-06 15:40 - 2014-03-06 15:40 - 00000000 ____D () C:\Program Files\DIFX
2014-03-06 15:04 - 2013-11-10 10:07 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-03-06 15:01 - 2014-03-06 15:01 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\2K Games
2014-03-06 15:01 - 2013-03-22 11:54 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\SKIDROW
2014-03-06 14:44 - 2014-03-06 14:44 - 00000000 ____D () C:\Users\Tomáš\AppData\Roaming\Arduino
2014-03-06 14:44 - 2014-03-06 14:43 - 00000000 ____D () C:\Users\Tomáš\Desktop\Arduino
2014-03-01 07:05 - 2014-03-13 13:43 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 13:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 13:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 13:44 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 13:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 13:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 13:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 13:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 13:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 13:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 13:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 13:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 13:43 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 13:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 13:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 13:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 13:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 13:43 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 13:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 13:44 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 13:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:43 - 2014-03-13 13:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:42 - 2014-03-13 13:43 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 13:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 13:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 13:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 13:43 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 13:43 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 13:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 13:43 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 13:43 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 13:44 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 13:43 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 13:43 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 13:43 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 13:43 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 13:44 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 13:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 13:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 15:26 - 2014-02-07 23:58 - 01560276 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 14:09 - 2014-02-27 14:09 - 00002731 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-27 14:09 - 2014-02-27 14:09 - 00000000 ____D () C:\Users\Tomáš\AppData\Local\Skype
2014-02-27 14:09 - 2011-10-18 09:10 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Tomáš\AppData\Local\Temp\set-app.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-14 03:46

==================== End Of Log ============================

#4 Příspěvek od **Rudy** » 28 bře 2014 16:46

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-03-08] (NEXON Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKCU - 0FA8977B6EA44364BDCEB65687141F86 URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... D53DC56E28
SearchScopes: HKCU - {EC6799E0-254E-41F5-A009-7F601080A877} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=A62A06E1-BD51-481A-BA48-0DBC35BBAEE9&apn_sauid=AC649C86-EC30-4B58-B15A-0CDD1D72457D
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\25vdod95.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Program Files (x86)\BetterSurf
C:\ProgramData\NexonEU
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha285.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ff [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha6416.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ff [2014-01-09]
CHR Plugin: (Google Update) - C:\Users\TomÃÂÃÂ¡ÃÂÃÂ¡\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Tomáš\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-03-20]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001Core.job
C:\Users\Tomáš\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001Core.job => C:\Users\Tomáa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001UA.job => C:\Users\Tomáa\AppData\Local\Google\Update\GoogleUpdate.exe
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Paint2 · #5 Příspěvek od **Paint2** » 28 bře 2014 16:55

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Tomáš at 2014-03-28 16:56:14 Run:1
Running from C:\Users\Tomáš\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-03-08] (NEXON Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKCU - 0FA8977B6EA44364BDCEB65687141F86 URL = http://dts.search-results.com/sr?src=ie ... 2444902&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... D53DC56E28
SearchScopes: HKCU - {EC6799E0-254E-41F5-A009-7F601080A877} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=A62A06E1-BD51-481A-BA48-0DBC35BBAEE9&apn_sauid=AC649C86-EC30-4B58-B15A-0CDD1D72457D
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\25vdod95.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Program Files (x86)\BetterSurf
C:\ProgramData\NexonEU
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha285.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ff [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha6416.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ff [2014-01-09]
CHR Plugin: (Google Update) - C:\Users\TomAÂA?Â!AÂ?A?Â!\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Tomáš\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-03-20]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001Core.job
C:\Users\Tomáš\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001Core.job => C:\Users\Tomáa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001UA.job => C:\Users\Tomáa\AppData\Local\Google\Update\GoogleUpdate.exe
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-2594327001-1102094556-2147035336-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KPeerNexonEU => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0FA8977B6EA44364BDCEB65687141F86 => Key deleted successfully.
HKCR\CLSID\0FA8977B6EA44364BDCEB65687141F86 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC6799E0-254E-41F5-A009-7F601080A877} => Key deleted successfully.
HKCR\CLSID\{EC6799E0-254E-41F5-A009-7F601080A877} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data => Key not found.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Should not be moved.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
"C:\Program Files (x86)\BetterSurf" => File/Directory not found.
C:\ProgramData\NexonEU => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame => Key deleted successfully.
C:\ProgramData\NexonEU\NGM\npnxgameEU.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\xz123@ya456.com => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\12x3q@3244516.com => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@bettersurfplus.com => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha285.net => Value deleted successfully.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha285\ff => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha6416.net => Value deleted successfully.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6416\ff => Moved successfully.
C:\Users\TomAÂA?Â!AÂ?A?Â!\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap => Key deleted successfully.
"C:\Program Files (x86)\BetterSurf\ch\Chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key deleted successfully.
C:\Users\Tomáš\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Key deleted successfully.
"C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco => Key deleted successfully.
"C:\Program Files (x86)\Better-Surf\ch\Chrome.crx" => File/Directory not found.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => Service deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001Core.job => Moved successfully.

"C:\Users\Tomáš\AppData\Local\Temp" directory move:

C:\Users\Tomáš\AppData\Local\Temp\Acer.swf => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\AdobeARM.log => Moved successfully.
Could not move "C:\Users\Tomáš\AppData\Local\Temp\aipflib.log" => Scheduled to move on reboot.
C:\Users\Tomáš\AppData\Local\Temp\aminsis.txt => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\CVR785D.tmp.cvr => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\CVR9273.tmp.cvr => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\CVRC5E0.tmp.cvr => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.AA5852 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.as5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.AW5212 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.bE5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.kl5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.KQ6416 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.MC5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.rj4544 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.sj1108 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.TS5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.Vy5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.Xe5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.XV3808 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.ze4736 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\D3.Zh3880 => Moved successfully.
Could not move "C:\Users\Tomáš\AppData\Local\Temp\etilqs_s6pg4bHOLbRoSlL" => Scheduled to move on reboot.
Could not move "C:\Users\Tomáš\AppData\Local\Temp\etilqs_SskkNMSf8boB5iM" => Scheduled to move on reboot.
Could not move "C:\Users\Tomáš\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Tomáš\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\jusched.log => Moved successfully.
Could not move "C:\Users\Tomáš\AppData\Local\Temp\LManager.log" => Scheduled to move on reboot.
Could not move "C:\Users\Tomáš\AppData\Local\Temp\LMworker.log" => Scheduled to move on reboot.
C:\Users\Tomáš\AppData\Local\Temp\S2.BG3808 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.bV5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.LL3880 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.lQ5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.Md5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.mV5212 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.na5852 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.Ne6416 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.PR1108 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.qO5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.Re5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.uf4736 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.xh5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.xQ4544 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\S2.YG5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\set-app.exe => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.ap4544 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.as3880 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.bA5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.BD4736 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.Bo5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.DA6416 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.Ee5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.Nz5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.PB3808 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.pK5212 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.qC5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.qR5852 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.RM1108 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.RY5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WoW.tE5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.Cc3880 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.CV3808 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.ea1108 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.fG5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.Gq4736 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.Hp5212 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.II6416 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.Jr5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.Kb5312 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.lt5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.lu5852 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.Tx5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.wa4544 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.wf5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\WTCG.Xo5624 => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\{3BF022ED-6379-4EF6-B0CF-69B760B36A4A}.tmp => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\~56E.bat => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\~56E.tmp => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\~nsu.tmp\Au_.exe => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\TCDB.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\is-VUTFG.tmp\_isetup\_setup64.tmp => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\is-VUTFG.tmp\_isetup\_shfoldr.dll => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\HP\AtStatus\hpinkstsb011lm.log => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5528_21260\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5528_21260\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5528_21260\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5016_4796\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5016_4796\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5016_4796\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5012_2747\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5012_2747\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\5012_2747\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\4968_7057\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\4968_7057\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\4968_7057\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\4964_31793\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\4964_31793\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\4964_31793\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3984_24429\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3984_24429\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3984_24429\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3784_1629\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3784_1629\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3784_1629\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3360_28930\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3360_28930\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3360_28930\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3360_17593\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3360_17593\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3360_17593\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3348_6504\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3348_6504\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\3348_6504\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2436_13094\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2436_13094\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2436_13094\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2232_19366\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2232_19366\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2232_19366\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2164_15040\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2164_15040\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\2164_15040\manifest.json => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\12652_11139\crl-set => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\12652_11139\manifest.fingerprint => Moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\12652_11139\manifest.json => Moved successfully.
Could not move "C:\Users\Tomáš\AppData\Local\Temp" directory. => Scheduled to move on reboot.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001Core.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594327001-1102094556-2147035336-1001UA.job not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-28 16:59:09)<=

C:\Users\Tomáš\AppData\Local\Temp\aipflib.log => Is moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\etilqs_s6pg4bHOLbRoSlL => Is moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\etilqs_SskkNMSf8boB5iM => Is moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\LManager.log => Is moved successfully.
C:\Users\Tomáš\AppData\Local\Temp\LMworker.log => Is moved successfully.
C:\Users\Tomáš\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

#6 Příspěvek od **Rudy** » 28 bře 2014 17:48

Smazáno. Problém trvá, nebo je troják pryč?

Paint2 · #7 Příspěvek od **Paint2** » 28 bře 2014 17:49

Vypadá to, že je troják pryč. Moc děkuji za pomoc a ochotu.

#8 Příspěvek od **Rudy** » 28 bře 2014 18:08

Rádo se stalo!

VIRY.CZ

Trojan Dropper

Trojan Dropper

Re: Trojan Dropper

Re: Trojan Dropper

Re: Trojan Dropper

Re: Trojan Dropper

Re: Trojan Dropper

Re: Trojan Dropper

Re: Trojan Dropper