Virus podvrhující stránky na upgrade Flash playeru

[martinracek]

Zrovna dnes jsem o toto viru četl článek na seznamu a obávám se, že jsem se stal jeho majitelem.

Díky předem za pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by Martin (administrator) on MARTIN-PC on 08-05-2014 15:34:17
Running from C:\Users\Martin\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Tanuki Software, Ltd.) C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Oracle Corporation) C:\Program Files\PS3 Media Server\jre\bin\java.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(Sonix Technology Co., Ltd.) C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(ICQ) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6072936 2011-08-30] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-11-22] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-25] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [tsnp2uvc] => C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe [322560 2012-02-23] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)
HKU\S-1-5-21-281361865-725414244-1054193005-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-281361865-725414244-1054193005-1000\...\Run: [icq] => C:\Users\Martin\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-23] (ICQ)
HKU\S-1-5-21-281361865-725414244-1054193005-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-281361865-725414244-1054193005-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-281361865-725414244-1054193005-1000\...\MountPoints2: {71bb2f7d-4dca-11e3-a47f-8c89a5817b67} - I:\vns_full.exe
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kooperativa - PDF Server.lnk
ShortcutTarget: Kooperativa - PDF Server.lnk -> C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKCU - DefaultScope {6523815D-EF18-4922-9901-AA034BC08233} URL = http://start.funmoods.com/results.php?f ... earchTerms}
SearchScopes: HKCU - {6523815D-EF18-4922-9901-AA034BC08233} URL = http://start.funmoods.com/results.php?f ... earchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Xilisoft Download Youtube Toolbar\tbcore3.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Xilisoft Download Youtube Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Xilisoft Download Youtube Toolbar\tbcore3.dll ()
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.3.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\aw3k71h3.default-1388301245377
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-02-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-11-05]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-02-12]

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Software602 Form Filler) - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-03]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-03]
CHR Extension: (Adobe Acrobat - Vytvořit PDF) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-07-03]
CHR Extension: (Peněženka Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [2012-09-23]

========================== Services (Whitelisted) =================

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-11-22] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [814264 2011-11-22] (ESET)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [384280 2012-11-27] (Tanuki Software, Ltd.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [71344 2013-10-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2011-04-20] (Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-15] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2011-11-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2011-11-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2011-11-21] (ESET)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3565952 2011-09-09] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 NTIOLib_1_0_C; \??\E:\NTIOLib.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 15:34 - 2014-05-08 15:35 - 00019457 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-05-08 15:33 - 2014-05-08 15:34 - 00000000 ____D () C:\FRST
2014-05-08 15:32 - 2014-05-08 15:32 - 01053184 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2014-05-08 15:31 - 2014-05-08 15:31 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2014-05-08 15:30 - 2014-05-08 15:32 - 00000000 ____D () C:\Users\Martin\Desktop\scan
2014-05-08 15:07 - 2014-05-01 15:02 - 00000426 _____ () C:\AVScanner.ini
2014-05-03 07:29 - 2014-05-03 07:29 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\DropboxMaster
2014-05-02 21:49 - 2014-04-29 14:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 21:49 - 2014-04-29 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-30 23:00 - 2014-04-30 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 08:20 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 08:20 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-26 18:25 - 2014-04-26 18:25 - 00288406 _____ () C:\Users\Martin\Documents\hans_hagen.gwc
2014-04-25 15:01 - 2014-04-25 15:01 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-24 18:31 - 2014-04-24 18:31 - 00000000 ____D () C:\TempProjekty
2014-04-24 18:30 - 2014-04-24 18:30 - 00000989 _____ () C:\Users\Martin\Desktop\HTTrack Website Copier.lnk
2014-04-24 18:30 - 2014-04-24 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2014-04-24 18:30 - 2014-04-24 18:30 - 00000000 ____D () C:\Program Files\WinHTTrack
2014-04-18 07:05 - 2014-05-08 09:05 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-10 18:56 - 2014-04-10 18:56 - 00000286 _____ () C:\Users\Martin\Documents\vizitkykrkonoše.txt
2014-04-10 06:39 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 06:39 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 06:39 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 06:39 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 06:38 - 2014-03-13 07:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 06:38 - 2014-03-13 07:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 06:38 - 2014-03-13 07:10 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 06:38 - 2014-03-13 07:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 06:38 - 2014-03-13 07:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 06:38 - 2014-03-13 05:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-10 06:38 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 06:38 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 20:17 - 2014-04-08 20:17 - 00000000 ____D () C:\vlastni
2014-04-08 20:12 - 2014-04-08 21:42 - 00000000 ____D () C:\Users\Martin\Documents\My Albums
2014-04-08 19:42 - 2014-04-08 19:42 - 00000985 _____ () C:\Users\Public\Desktop\jAlbum.lnk
2014-04-08 19:41 - 2014-04-08 20:34 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\jAlbum
2014-04-08 19:41 - 2014-04-08 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jAlbum
2014-04-08 19:41 - 2014-04-08 19:42 - 00000000 ____D () C:\Program Files\jAlbum

==================== One Month Modified Files and Folders =======

2014-05-08 15:35 - 2014-05-08 15:34 - 00019457 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-05-08 15:34 - 2014-05-08 15:33 - 00000000 ____D () C:\FRST
2014-05-08 15:32 - 2014-05-08 15:32 - 01053184 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2014-05-08 15:32 - 2014-05-08 15:30 - 00000000 ____D () C:\Users\Martin\Desktop\scan
2014-05-08 15:31 - 2014-05-08 15:31 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2014-05-08 15:22 - 2013-07-03 20:43 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 14:56 - 2013-09-02 08:36 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 14:22 - 2013-07-03 20:43 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 09:10 - 2009-07-14 06:34 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 09:10 - 2009-07-14 06:34 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 09:07 - 2013-04-21 20:24 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Dropbox
2014-05-08 09:07 - 2013-02-13 03:46 - 01571394 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 09:06 - 2013-04-21 20:27 - 00000000 ___RD () C:\Users\Martin\Dropbox
2014-05-08 09:05 - 2014-04-18 07:05 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-08 09:05 - 2013-11-16 22:11 - 00000000 ____D () C:\ProgramData\PMS
2014-05-08 09:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 09:04 - 2009-07-14 06:39 - 00070226 _____ () C:\Windows\setupact.log
2014-05-06 21:20 - 2013-02-22 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGet
2014-05-06 21:20 - 2013-02-14 13:35 - 00000000 ____D () C:\GeoGet
2014-05-03 07:29 - 2014-05-03 07:29 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\DropboxMaster
2014-05-03 07:29 - 2013-04-21 20:27 - 00001021 _____ () C:\Users\Martin\Desktop\Dropbox.lnk
2014-05-03 07:29 - 2013-04-21 20:26 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-01 15:02 - 2014-05-08 15:07 - 00000426 _____ () C:\AVScanner.ini
2014-04-30 23:00 - 2014-04-30 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 22:58 - 2013-02-14 11:11 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\FileZilla
2014-04-29 14:47 - 2014-05-02 21:49 - 14357504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:25 - 2014-05-02 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:00 - 2014-02-12 10:46 - 00005182 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-04-29 14:00 - 2014-01-11 11:56 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-29 14:00 - 2014-01-11 11:56 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-29 09:22 - 2013-07-03 20:44 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-28 20:56 - 2013-02-12 22:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-28 20:56 - 2013-02-12 22:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-26 18:25 - 2014-04-26 18:25 - 00288406 _____ () C:\Users\Martin\Documents\hans_hagen.gwc
2014-04-26 18:24 - 2013-02-12 21:01 - 01593238 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 15:01 - 2014-04-25 15:01 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-25 15:01 - 2013-02-13 20:39 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-04-24 18:31 - 2014-04-24 18:31 - 00000000 ____D () C:\TempProjekty
2014-04-24 18:30 - 2014-04-24 18:30 - 00000989 _____ () C:\Users\Martin\Desktop\HTTrack Website Copier.lnk
2014-04-24 18:30 - 2014-04-24 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2014-04-24 18:30 - 2014-04-24 18:30 - 00000000 ____D () C:\Program Files\WinHTTrack
2014-04-19 10:57 - 2013-06-16 08:50 - 00000000 ____D () C:\Users\Martin\AppData\Local\GeoGet
2014-04-14 04:11 - 2014-04-30 08:20 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:07 - 2014-04-30 08:20 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 16:00 - 2014-01-18 17:35 - 00000000 ____D () C:\Users\Martin\Documents\Trasy1
2014-04-12 15:50 - 2013-07-06 17:22 - 00000000 ____D () C:\Users\Martin\Documents\Trasy
2014-04-12 15:45 - 2013-07-03 18:34 - 00000000 ____D () C:\Users\Martin\Documents\ezTour_Workspace
2014-04-12 15:42 - 2013-02-12 22:32 - 00102672 _____ () C:\Windows\PFRO.log
2014-04-11 06:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 21:49 - 2013-02-12 21:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 21:48 - 2013-07-10 22:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 21:47 - 2013-02-12 23:48 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 18:56 - 2014-04-10 18:56 - 00000286 _____ () C:\Users\Martin\Documents\vizitkykrkonoše.txt
2014-04-09 19:50 - 2013-11-30 22:22 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\VSO
2014-04-08 21:42 - 2014-04-08 20:12 - 00000000 ____D () C:\Users\Martin\Documents\My Albums
2014-04-08 20:34 - 2014-04-08 19:41 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\jAlbum
2014-04-08 20:17 - 2014-04-08 20:17 - 00000000 ____D () C:\vlastni
2014-04-08 19:42 - 2014-04-08 19:42 - 00000985 _____ () C:\Users\Public\Desktop\jAlbum.lnk
2014-04-08 19:42 - 2014-04-08 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jAlbum
2014-04-08 19:42 - 2014-04-08 19:41 - 00000000 ____D () C:\Program Files\jAlbum

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjqlmc.dll
C:\Users\Martin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Martin\AppData\Local\Temp\sfareca00001.dll
C:\Users\Martin\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

Light Image Resizer 4.0.4.3 (HKLM\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.0.4.3 - ObviousIdea)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Martin\Desktop" je 315 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-281361865-725414244-1054193005-1000\...\MountPoints2: {71bb2f7d-4dca-11e3-a47f-8c89a5817b67} - I:\vns_full.exe
SearchScopes: HKCU - DefaultScope {6523815D-EF18-4922-9901-AA034BC08233} URL = http://start.funmoods.com/results.php?f ... earchTerms}
SearchScopes: HKCU - {6523815D-EF18-4922-9901-AA034BC08233} URL = http://start.funmoods.com/results.php?f ... earchTerms}
FF Plugin: @microsoft.com/GENUINE - disabled No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
C:\Windows\Tasks\AutoKMS.job
C:\ProgramData\McAfee
C:\Users\Martin\AppData\Local\Temp
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[martinracek]

Tak nakonec koukám že to je nějak moc dlouhé tak přikládám v příloze

[Rudy]

Smazáno. Nastala nějaká změna?

[martinracek]

vypadá to že už by to mohlo být v pohodě díky

[Rudy]

Rádo se stalo!