
PC virus removal, computer speed-up, remote help via the neslape.cz service
Police virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Police virus
Hello, we have a small problem with Zeman on the desktop. ESET more or less dealt with it, but I think some further cleanup will still be needed.
Thanks.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by marek (administrator) on NB-PETRASEK on 12-05-2014 17:08:24
Running from C:\Users\marek.SCREEN-PRINT\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(Egis Technology Inc. ) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files\Acer ProShield\x86\EgisService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps.exe
(Egis Technology Inc. ) C:\Program Files\Acer ProShield\EgisTSR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(forum.viry.cz) C:\Users\marek.SCREEN-PRINT\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2697512 2011-02-17] (Synaptics Incorporated)
HKLM\...\Run: [ProShieldTSR] => C:\Program Files\Acer ProShield\EgisTSR.exe [165936 2011-06-04] (Egis Technology Inc. )
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1110096 2011-07-01] (Dritek System Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk
ShortcutTarget: qgh8zv8.lnk -> C:\PROGRA~3\299219~1\8vz8hgq.cpp (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk
ShortcutTarget: qgh8zv8.lnk -> C:\PROGRA~3\299219~1\8vz8hgq.cpp (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
URLSearchHook: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
URLSearchHook: HKCU - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {8A237050-FE47-43F7-8A4B-543EEAFB03D2} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKCU - {8A237050-FE47-43F7-8A4B-543EEAFB03D2} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: EgisPBIE Sign-in Helper - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Acer ProShield\x86\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
DPF: HKLM-x32 {10B3A0AB-2FF7-45B4-BB50-D9ADA590EB5E} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient4.cab
DPF: HKLM-x32 {2C19D17C-ECFB-458D-95B0-456771C836F4} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient8.cab
DPF: HKLM-x32 {63B75E5F-9C2C-4101-B8FC-6BBC6389DCA7} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient5.cab
DPF: HKLM-x32 {8CE763DA-0B0F-42E2-8634-91AE02F5AAF8} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient6.cab
DPF: HKLM-x32 {A83E5F4F-FD76-498D-9196-349431421577} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient7.cab
DPF: HKLM-x32 {DB7ACFA2-9634-4C98-BC9D-FB9416153022} http://192.168.17.26/nvEPLMedia.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.17.2
FireFox:
========
FF ProfilePath: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default
FF DefaultSearchEngine: BS Player Customized Web Search
FF SelectedSearchEngine: BS Player Customized Web Search
FF Homepage: hxxp://search.conduit.com/?CUI=UN27284241795017106&ctid=CT1750559&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&octid=CT1750559&CUI=UN27284241795017106&UM=&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: BS Player ControlBar - C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2014-05-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files\Acer ProShield\FFExt
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt [2011-11-04]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt20 [2011-11-04]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-12]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Dokumenty Google) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Disk Google) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (YouTube) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Vyhledávání Google) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (Skype Click to Call) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-25]
CHR Extension: (Peněženka Google) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
==================== Services (Whitelisted) =================
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 EgisTec Service; C:\Program Files\Acer ProShield\x86\EgisService.exe [195120 2011-06-04] (Egis Technology Inc. )
R2 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [212016 2011-06-04] (Egis Technology Inc. )
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S2 Winmgmt; C:\ProgramData\2992199F9A\kkin.faa [332544 2014-05-12] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2011-04-16] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-16] (Marvell Semiconductor, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-12 17:08 - 2014-05-12 17:08 - 00021836 _____ () C:\Users\marek.SCREEN-PRINT\Desktop\FRST.txt
2014-05-12 17:07 - 2014-05-12 17:08 - 00000000 ____D () C:\FRST
2014-05-12 17:06 - 2014-05-12 17:06 - 02066944 _____ (Farbar) C:\Users\marek.SCREEN-PRINT\Desktop\FRST64.exe
2014-05-12 17:05 - 2014-05-12 17:05 - 00112640 _____ (forum.viry.cz) C:\Users\marek.SCREEN-PRINT\Desktop\FRSTLauncher.exe
2014-05-12 17:04 - 2014-05-12 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-05-12 17:04 - 2014-05-12 17:04 - 00000000 ____D () C:\ProgramData\ESET
2014-05-12 17:04 - 2014-05-12 17:04 - 00000000 ____D () C:\Program Files\ESET
2014-05-12 15:54 - 2014-05-12 15:54 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-10 09:19 - 2014-05-10 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-03 19:53 - 2014-05-03 21:12 - 920126976 _____ () C:\Users\marek.SCREEN-PRINT\Downloads\Potomci Lidí CZ dabing (2006) NOVINKA.avi
2014-04-30 00:52 - 2014-04-30 00:52 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-24 12:25 - 2014-04-24 12:25 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-24 12:25 - 2014-04-24 12:25 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-24 12:25 - 2014-04-24 12:25 - 00000000 ____D () C:\Users\marek.SCREEN-PRINT\AppData\Roaming\TeamViewer
2014-04-24 12:24 - 2014-04-24 12:24 - 06123992 _____ (TeamViewer GmbH) C:\Users\marek.SCREEN-PRINT\Downloads\TeamViewer_Setup_cs-ckq.exe
2014-04-17 20:13 - 2014-04-17 20:13 - 00000000 ____D () C:\Users\marek.SCREEN-PRINT\AppData\Local\Skype
2014-04-17 20:12 - 2014-04-17 20:12 - 00002731 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-17 20:12 - 2014-04-17 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-15 21:34 - 2014-04-15 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-15 21:34 - 2014-04-15 21:34 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-14 19:42 - 2014-04-14 20:55 - 1531439672 _____ () C:\Users\marek.SCREEN-PRINT\Downloads\Bony a klid CZ 1987 Komedie Drama DVDrip - Pro pamětníky.avi
==================== One Month Modified Files and Folders =======
2014-05-12 17:08 - 2014-05-12 17:08 - 00021836 _____ () C:\Users\marek.SCREEN-PRINT\Desktop\FRST.txt
2014-05-12 17:08 - 2014-05-12 17:07 - 00000000 ____D () C:\FRST
2014-05-12 17:07 - 2011-11-04 20:24 - 01845508 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 17:06 - 2014-05-12 17:06 - 02066944 _____ (Farbar) C:\Users\marek.SCREEN-PRINT\Desktop\FRST64.exe
2014-05-12 17:05 - 2014-05-12 17:05 - 00112640 _____ (forum.viry.cz) C:\Users\marek.SCREEN-PRINT\Desktop\FRSTLauncher.exe
2014-05-12 17:04 - 2014-05-12 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-05-12 17:04 - 2014-05-12 17:04 - 00000000 ____D () C:\ProgramData\ESET
2014-05-12 17:04 - 2014-05-12 17:04 - 00000000 ____D () C:\Program Files\ESET
2014-05-12 17:00 - 2012-03-15 17:40 - 00000392 _____ () C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
2014-05-12 16:52 - 2012-05-02 06:26 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 16:49 - 2013-12-17 22:38 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{19EFBD71-2E48-46C8-B2B8-92809C9818EA}
2014-05-12 16:49 - 2012-04-06 20:11 - 00000000 ____D () C:\Users\marek.SCREEN-PRINT\AppData\Local\CrashDumps
2014-05-12 16:48 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 16:48 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 16:46 - 2012-03-25 00:11 - 00000058 _____ () C:\Users\marek.SCREEN-PRINT\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-12 16:42 - 2013-01-19 13:02 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 16:40 - 2012-05-02 06:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 16:40 - 2012-03-19 10:57 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2014-05-12 16:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 16:40 - 2009-07-14 06:51 - 00089632 _____ () C:\Windows\setupact.log
2014-05-12 16:36 - 2012-03-22 19:49 - 00000000 ____D () C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Skype
2014-05-12 16:19 - 2013-01-19 13:02 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 15:54 - 2014-05-12 15:54 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-12 15:54 - 2012-03-19 11:02 - 00000000 ___RD () C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-12 13:05 - 2012-03-23 18:36 - 00000000 ____D () C:\Users\marek.SCREEN-PRINT\AppData\Local\StimulsoftReportsResources
2014-05-10 09:19 - 2014-05-10 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 07:14 - 2013-01-19 13:02 - 00003946 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:14 - 2013-01-19 13:02 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 07:51 - 2012-03-19 11:21 - 00002008 ____H () C:\Users\marek.SCREEN-PRINT\Documents\Default.rdp
2014-05-03 21:12 - 2014-05-03 19:53 - 920126976 _____ () C:\Users\marek.SCREEN-PRINT\Downloads\Potomci Lidí CZ dabing (2006) NOVINKA.avi
2014-04-30 00:52 - 2014-04-30 00:52 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-30 00:52 - 2012-05-02 06:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 00:52 - 2012-05-02 06:26 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 00:52 - 2011-08-19 12:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 07:45 - 2011-11-04 21:15 - 00638634 _____ () C:\Windows\system32\perfh005.dat
2014-04-29 07:45 - 2011-11-04 21:15 - 00124474 _____ () C:\Windows\system32\perfc005.dat
2014-04-29 07:45 - 2009-07-14 07:13 - 01475124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 07:40 - 2009-07-14 06:45 - 00431640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-25 06:33 - 2013-01-19 13:02 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-24 13:31 - 2011-08-19 12:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-24 12:27 - 2012-03-19 11:02 - 00111728 _____ () C:\Users\marek.SCREEN-PRINT\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 12:25 - 2014-04-24 12:25 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-24 12:25 - 2014-04-24 12:25 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-24 12:25 - 2014-04-24 12:25 - 00000000 ____D () C:\Users\marek.SCREEN-PRINT\AppData\Roaming\TeamViewer
2014-04-24 12:25 - 2012-11-08 12:10 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-24 12:24 - 2014-04-24 12:24 - 06123992 _____ (TeamViewer GmbH) C:\Users\marek.SCREEN-PRINT\Downloads\TeamViewer_Setup_cs-ckq.exe
2014-04-17 20:13 - 2014-04-17 20:13 - 00000000 ____D () C:\Users\marek.SCREEN-PRINT\AppData\Local\Skype
2014-04-17 20:13 - 2011-08-19 12:24 - 00000000 ____D () C:\ProgramData\Skype
2014-04-17 20:12 - 2014-04-17 20:12 - 00002731 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-17 20:12 - 2014-04-17 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-15 21:34 - 2014-04-15 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-15 21:34 - 2014-04-15 21:34 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-15 21:34 - 2012-03-23 19:59 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-04-15 21:34 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 20:55 - 2014-04-14 19:42 - 1531439672 _____ () C:\Users\marek.SCREEN-PRINT\Downloads\Bony a klid CZ 1987 Komedie Drama DVDrip - Pro pamětníky.avi
Some content of TEMP:
====================
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\ApplnchConfig.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\contentDATs.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\siinst.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SkypeSetup.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\strings.dll
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\TB_409A.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\marek.SCREEN-PRINT\Desktop" je 33 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Attachments: Addition.rar (296 bytes), downloaded 66 times
Re: Police virus
Hello, and I wish you a pleasant early evening.
Your log is being studied and worked on.
Please be patient!

Re: Police virus
Hello Vyosek, allow me to step in - I was the one connected there via remote; margoman is sometimes a bit confused by all this.

Re: Police virus
Hello spideyx,
Thanks for the clarification. If margoman doesn't feel up to doing it himself, he can use our remote assistance service http://www.neslape.cz/ - it is a paid service, but it saves him the work, and I would give him a good price.
But of course we can sort it out on the forum.




Re: Police virus
McAfee uninstalled.
Let's try it this way for now, spideyx is helping. If it doesn't work, we'll deal with it further.

Re: Police virus

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk
ShortcutTarget: qgh8zv8.lnk -> C:\PROGRA~3\299219~1\8vz8hgq.cpp (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk
ShortcutTarget: qgh8zv8.lnk -> C:\PROGRA~3\299219~1\8vz8hgq.cpp (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
URLSearchHook: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
URLSearchHook: HKCU - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {8A237050-FE47-43F7-8A4B-543EEAFB03D2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
SearchScopes: HKCU - {8A237050-FE47-43F7-8A4B-543EEAFB03D2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
Toolbar: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
FF DefaultSearchEngine: BS Player Customized Web Search
FF SelectedSearchEngine: BS Player Customized Web Search
FF Homepage: hxxp://search.conduit.com/?CUI=UN272842 ... hSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF SearchPlugin: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default\searchplugins\conduit.xml
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
DisableService: c2cautoupdatesvc
DisableService: c2cpnrsvc
S2 Winmgmt; C:\ProgramData\2992199F9A\kkin.faa [332544 2014-05-12] (Microsoft Corporation)
C:\ProgramData\2992199F9A
C:\Program Files\McAfee Security Scan
2014-05-12 17:06 - 2014-05-12 17:06 - 02066944 _____ (Farbar) C:\Users\marek.SCREEN-PRINT\Desktop\FRST64.exe
2014-05-12 17:05 - 2014-05-12 17:05 - 00112640 _____ (forum.viry.cz) C:\Users\marek.SCREEN-PRINT\Desktop\FRSTLauncher.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\ApplnchConfig.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\contentDATs.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\siinst.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SkypeSetup.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\strings.dll
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\TB_409A.exe
Hosts:
End
- Save the created TXT file as fixlist.txt
- Move the created fixlist next to FRST
- Click Fix
- The fix will run and create the log Fixlog.txt

Re: Police virus
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by Marek at 2014-05-15 16:24:28 Run:1
Running from C:\Users\marek.SCREEN-PRINT\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk
ShortcutTarget: qgh8zv8.lnk -> C:\PROGRA~3\299219~1\8vz8hgq.cpp (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File)
Startup: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk
ShortcutTarget: qgh8zv8.lnk -> C:\PROGRA~3\299219~1\8vz8hgq.cpp (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
URLSearchHook: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
URLSearchHook: HKCU - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {8A237050-FE47-43F7-8A4B-543EEAFB03D2} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKCU - {8A237050-FE47-43F7-8A4B-543EEAFB03D2} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
Toolbar: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
FF DefaultSearchEngine: BS Player Customized Web Search
FF SelectedSearchEngine: BS Player Customized Web Search
FF Homepage: hxxp://search.conduit.com/?CUI=UN272842 ... hSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF SearchPlugin: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default\searchplugins\conduit.xml
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
DisableService: c2cautoupdatesvc
DisableService: c2cpnrsvc
S2 Winmgmt; C:\ProgramData\2992199F9A\kkin.faa [332544 2014-05-12] (Microsoft Corporation)
C:\ProgramData\2992199F9A
C:\Program Files\McAfee Security Scan
2014-05-12 17:06 - 2014-05-12 17:06 - 02066944 _____ (Farbar) C:\Users\marek.SCREEN-PRINT\Desktop\FRST64.exe
2014-05-12 17:05 - 2014-05-12 17:05 - 00112640 _____ (forum.viry.cz) C:\Users\marek.SCREEN-PRINT\Desktop\FRSTLauncher.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\ApplnchConfig.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\contentDATs.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\siinst.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SkypeSetup.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\strings.dll
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\TB_409A.exe
Hosts:
End
*****************
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe not found.
C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk => Moved successfully.
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File) not found.
C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk => Moved successfully.
C:\PROGRA~3\299219~1\8vz8hgq.cpp not found.
C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkin.lnk not found.
ShortcutTarget: kkin.lnk -> nikk.dll,work (No File) not found.
C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qgh8zv8.lnk not found.
C:\PROGRA~3\299219~1\8vz8hgq.cpp not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A237050-FE47-43F7-8A4B-543EEAFB03D2} => Key deleted successfully.
HKCR\CLSID\{8A237050-FE47-43F7-8A4B-543EEAFB03D2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Value deleted successfully.
HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default\searchplugins\conduit.xml => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
c2cautoupdatesvc service was disabled
c2cpnrsvc service was disabled
Winmgmt => Service restored successfully.
C:\ProgramData\2992199F9A => Moved successfully.
"C:\Program Files\McAfee Security Scan" => File/Directory not found.
C:\Users\marek.SCREEN-PRINT\Desktop\FRST64.exe => Moved successfully.
C:\Users\marek.SCREEN-PRINT\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\ApplnchConfig.exe => Moved successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\siinst.exe => Moved successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\strings.dll => Moved successfully.
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\TB_409A.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
The system needed a reboot.
==== End of Fixlog ====
Re: Police virus
How is the PC behaving???
Re: Police virus
ESET also did something beforehand, but I wanted Marek to clean it up anyway.
I didn't notice any problems during the remote session, and Mara isn't reporting anything either.
Re: Police virus
So let's clean up a bit more.

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm each choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program will clean up and restart the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program will clean up and restart the PC
- Delete the utility after use

Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
- Leave everything as it is, just click Analyze and then Run Cleaner
- Click Scan for Issues
- Then Fix selected issues - I recommend making the registry backup; fix all the issues
- Repeat the procedure until no issues are found - usually about 3 times
- Here you can uninstall programs you don't need

And if there are no problems or questions, that is all from my side.
