Kontrola logu po odstranění "policejního viru"

[Petr-007]

Ahoj, dneska ráno na mě vyskočila tahle šmakuláda. Snad se mi ji podařilo odstranit, ale pro jistotu bych vás rád poprosil o kontrolu logu. Díky moc

Logfile of random's system information tool 1.08 (written by random/random)
Run by fYcak at 2014-04-01 22:13:34
WIN_7 Service Pack 1
System drive C: has 277 GB (58%) free of 477 GB
Total RAM: 4061 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:18:10, on 1.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\fYcak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Czech Soccer Manager\CzechSoccerManager.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fYcak\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\fYcak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Google Update] "C:\Users\fYcak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\fYcak\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\fYcak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3218409291-2153134768-1775511079-1000\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background (User '?')
O4 - HKUS\S-1-5-21-3218409291-2153134768-1775511079-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3218409291-2153134768-1775511079-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10855 bytes

======Listing Processes======


======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3218409291-2153134768-1775511079-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3218409291-2153134768-1775511079-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3218409291-2153134768-1775511079-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3218409291-2153134768-1775511079-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-05 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-05 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5618456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"=C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2013-10-31 449760]
"Google Update"=C:\Users\fYcak\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-15 116648]
"Facebook Update"=C:\Users\fYcak\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-17 138096]
"Spotify Web Helper"=C:\Users\fYcak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-01-16 1171968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-04-01 22:14:05 ----D---- C:\Program Files\trend micro
2014-04-01 22:13:34 ----D---- C:\rsit
2014-04-01 18:59:23 ----D---- C:\ProgramData\ESET
2014-04-01 18:59:23 ----D---- C:\Program Files\ESET
2014-04-01 16:03:10 ----D---- C:\Program Files\CCleaner
2014-04-01 15:55:52 ----D---- C:\Program Files (x86)\GUME446.tmp
2014-04-01 12:44:19 ----D---- C:\ProgramData\NortonInstaller
2014-04-01 11:33:57 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 11:33:08 ----D---- C:\ProgramData\Malwarebytes
2014-04-01 11:33:08 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 11:33:08 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-04-01 11:33:08 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-04-01 11:33:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-04-01 09:46:18 ----D---- C:\ProgramData\Norton
2014-04-01 09:42:23 ----D---- C:\Windows\pss
2014-03-29 18:38:44 ----HD---- C:\_acestream_cache_
2014-03-29 18:38:41 ----D---- C:\Users\fYcak\AppData\Roaming\.ACEStream
2014-03-29 18:35:07 ----D---- C:\Users\fYcak\AppData\Roaming\ACEStream
2014-03-19 14:24:24 ----D---- C:\Program Files (x86)\PokerStars
2014-03-19 01:38:42 ----D---- C:\Users\fYcak\AppData\Roaming\Unity

======List of files/folders modified in the last 1 months======

2014-04-01 22:14:23 ----D---- C:\Windows\Temp
2014-04-01 22:14:05 ----RD---- C:\Program Files
2014-04-01 21:27:20 ----D---- C:\Windows\system32\config
2014-04-01 20:49:11 ----D---- C:\Windows\system32\NDF
2014-04-01 20:46:43 ----D---- C:\Windows
2014-04-01 19:19:47 ----SD---- C:\Users\fYcak\AppData\Roaming\Microsoft
2014-04-01 19:19:47 ----SD---- C:\ProgramData\Microsoft
2014-04-01 19:00:44 ----SHD---- C:\Windows\Installer
2014-04-01 19:00:28 ----D---- C:\Windows\system32\DriverStore
2014-04-01 19:00:28 ----D---- C:\Windows\system32\drivers
2014-04-01 19:00:28 ----D---- C:\Windows\system32\catroot
2014-04-01 19:00:28 ----D---- C:\Windows\inf
2014-04-01 18:59:23 ----HD---- C:\ProgramData
2014-04-01 16:05:28 ----D---- C:\Users\fYcak\AppData\Roaming\TS3Client
2014-04-01 16:05:28 ----D---- C:\Program Files (x86)\Steam
2014-04-01 16:05:05 ----D---- C:\Windows\Panther
2014-04-01 16:05:04 ----D---- C:\Windows\Logs
2014-04-01 16:05:04 ----D---- C:\Windows\debug
2014-04-01 16:03:11 ----D---- C:\Windows\system32\Tasks
2014-04-01 15:55:52 ----RD---- C:\Program Files (x86)
2014-04-01 15:34:39 ----SHD---- C:\System Volume Information
2014-04-01 15:32:40 ----D---- C:\Program Files\Common Files
2014-04-01 15:31:06 ----D---- C:\Program Files (x86)\Opera
2014-04-01 15:28:48 ----D---- C:\Windows\System32
2014-04-01 13:19:54 ----D---- C:\Program Files (x86)\Common Files
2014-04-01 12:45:57 ----D---- C:\Windows\Prefetch
2014-04-01 12:23:55 ----RSD---- C:\Windows\assembly
2014-04-01 11:59:39 ----D---- C:\Windows\Microsoft.NET
2014-04-01 11:14:46 ----D---- C:\Windows\system32\drivers\etc
2014-04-01 06:38:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-31 21:36:51 ----D---- C:\Users\fYcak\AppData\Roaming\vlc
2014-03-29 12:50:25 ----D---- C:\Windows\system32\catroot2
2014-03-25 14:00:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-03-24 15:21:32 ----D---- C:\ProgramData\Microsoft Help
2014-03-24 15:21:08 ----D---- C:\Users\fYcak\AppData\Roaming\Skype
2014-03-21 16:53:18 ----D---- C:\Users\fYcak\AppData\Roaming\Spotify
2014-03-19 15:32:43 ----D---- C:\Users\fYcak\AppData\Roaming\Mozilla
2014-03-19 14:19:50 ----D---- C:\Program Files (x86)\PokerStars.NET
2014-03-15 14:13:44 ----D---- C:\Windows\Tasks
2014-03-15 14:13:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-03-15 14:11:55 ----RD---- C:\Program Files (x86)\Skype
2014-03-11 13:46:50 ----D---- C:\Program Files (x86)\CS Poker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-01-12 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-12 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 157432]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-03-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-04-01 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-03-05 63192]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-01-12 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2012-01-12 80384]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-12 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-08-10 222208]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys [2012-01-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-03-03 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-03-03 1748608]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-12 27648]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-09-12 1337752]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-12-29 884152]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-04 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-12 27648]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-04 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-01-06 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-12 27648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Díky moc za pomoc

[Rudy]

Zdravím!
V logu není nic, co by se podobalo policejnímu viru vidět. Pro jistotu udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Petr-007]

MBAM jsem používal k léčení, tak předpokládám, že i log bude v pořádku, protože už nic nenaš, můžu ale poslat ještě předešlé logy?
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1.4.2014
Scan Time: 23:22:05
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: fYcak

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 269667
Time Elapsed: 16 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Rudy]

Klidně pošlete, myslím ale, že tam nic nebude. MBAM je skutečně čistý.

[Petr-007]

Tady je tedy první:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1.4.2014
Scan Time: 11:58:40
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.04.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: fYcak

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270954
Time Elapsed: 19 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com, Quarantined, [1c2dfe01d8a262d49a69642418ea58a8],

Files: 8
PUP.Optional.SweetIM, C:\Users\fYcak\AppData\Local\Temp\mgsqlite3.7z, Quarantined, [fa4f07f81763b383146392bfae5633cd],
RiskWare.Tool.CK, C:\Users\fYcak\AppData\Local\Temp\Resources\KMSKG\Keygen.exe, Quarantined, [40094ab501796ec87dc3795b847dec14],
PUP.Optional.OpenCandy, C:\Users\fYcak\Downloads\windows-movie-maker-2.6.4037.0.exe, Quarantined, [1d2cd22d1e5c2a0c8d5968e956ae7b85],
PUP.Optional.Inbox, C:\Users\fYcak\Downloads\TVSetup (1).exe, Quarantined, [08417d82bcbee74f2cd056f44db4ac54],
PUP.Optional.Inbox, C:\Users\fYcak\Downloads\TVSetup.exe, Quarantined, [5eeb847ba3d7f4423dbf7dcd0bf614ec],
PUP.Optional.Smart, C:\Users\fYcak\Downloads\FlvPlayer.exe, Quarantined, [6cdd6b948eec77bfc7a21634a35eea16],
PUP.Optional.SInstalator, C:\Users\fYcak\Downloads\Skype - 005 (1).exe, Quarantined, [361356a91c5ed36391e25011010004fc],
PUP.Optional.SInstalator, C:\Users\fYcak\Downloads\Skype - 005.exe, Quarantined, [d27726d9b4c6082eb5be64fd02ffcf31],

Physical Sectors: 0
(No malicious items detected)


(end)

A druhý:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1.4.2014
Scan Time: 12:23:03
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: fYcak

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278652
Time Elapsed: 21 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
Trojan.Agent.ED, C:\ProgramData\ik7ifk.cpp, Quarantined, [9d896eb74b302511dd668cb102fe29d7],
Trojan.Agent.ED, C:\ProgramData\yygs3o.cpp, Quarantined, [b175f53099e2d75f02415de033cd9070],
Trojan.Agent.ED, C:\Users\fYcak\AppData\Local\Temp\mydt.dll, Quarantined, [909634f15427d3636fd4da63ac5439c7],
Trojan.Agent.ED, C:\Users\fYcak\AppData\Local\Temp\ik7ifk.cpp, Quarantined, [f72f180d3f3cf541e55e90ad67991de3],
Trojan.Agent.ED, C:\Users\fYcak\AppData\Local\Temp\yygs3o.cpp, Quarantined, [180e978e9dde9d99bc87c17c3bc540c0],
Trojan.Agent.ED, C:\Users\fYcak\AppData\Local\Temp\mm5E.dll, Quarantined, [210584a1fd7e84b2ee55a39a768af50b],

Physical Sectors: 0
(No malicious items detected)


(end)

Jediný problém, který mi teď ale vznikl, je ten, že mi nefunguje spodní lišta, několikrát se zasekne ukazatel wifi signálu, takže mám plný signál i kilometr od routeru, když tam přepínám mezi okny, zůstane jenom žlutě blikající a nepřepne mě to do něj... Vůbec nevím, čím by to mohlo být...

[Rudy]

Jsou tam zbytky. Vše smažte.

[Petr-007]

Vše smazánu, za tu dobu se občas objeví onen problém s lištou a jednou se objevilo i BSOD. Jinak ntb funguje alespoň tak, že mohu psát, velice děkuji

[Rudy]

Otevřte adresář c:\windows\minidump, jeho obsah zabalte do raru a přiložte k vašemu příštímu postu. koukneme se, co v systému padá.

[Petr-007]

Zdravím,

zararovaná složka minidump je tady: http://leteckaposta.cz/581577776

[Rudy]

Shazuje vám to wifi adaptér. Zkuste přeinstalovat jeho ovladač.