
Police virus again

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus again

#16 Post by altrok »

:arrow: I'm new blood who has every change in my topic synced to my phone, so I know about everything within a few minutes, and as a university student I have enough time to devote to this hobby :)

:arrow: Just make sure you don't have, for example, hibernation set to kick in after two hours or anything similar that could interrupt the scan.

:arrow: Send the log in the morning and we'll finish it ;)
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping this forum's visitors, sign up for our training school.

Kachnacicek

Re: Police virus again

#17 Post by Kachnacicek »

Great, very commendable work, thank you on behalf of all forum users!

altrok

Re: Police virus again

#18 Post by altrok »

:arrow: You're welcome :) Send the log from MBAM in the morning :)

Kachnacicek

Re: Police virus again

#19 Post by Kachnacicek »

Good morning, here it is:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14.11.2014
Scan Time: 0:17:06
Logfile: MAM.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.14.10
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Petr

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 534647
Time Elapsed: 1 hr, 30 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 130

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 15
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_default_search_provider, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_enable, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\chrome, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\ThirdPartyInstallers, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\assists, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\gen1, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\Message, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\Settings, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Users\Petr\AppData\LocalLow\OnlineMapFinder_9p, , [278b3dfe661657dfbe19ed2758ab728e],
PUP.Optional.MindSpark.A, C:\Users\Petr\AppData\LocalLow\OnlineMapFinder_9p\bar, , [278b3dfe661657dfbe19ed2758ab728e],
PUP.Optional.MindSpark.A, C:\Users\Petr\AppData\LocalLow\OnlineMapFinder_9p\bar\Settings, , [278b3dfe661657dfbe19ed2758ab728e],

Files: 66
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll, , [872bc07ba7d5e84ebd783489df22e51b],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbprtct.dll, , [9f13f14a4d2ffd39132228954eb39868],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pdatact.dll, , [7a382219d0ac44f2d065cbf23dc4c23e],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pdlghk.dll, , [21919aa1d2aad5612510536a738e4fb1],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pdlghk64.dll, , [31812912552721152d08ab12f809629e],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pfeedmg.dll, , [3280b18aa1db0f272312f8c5f60bc040],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9phighin.exe, , [496955e6750764d2a98cc5f861a0fe02],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9phkstub.dll, , [634f2c0f7507ba7ca39215a811f0c040],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9phtmlmu.dll, , [aa0851eae29a3ef8f24346777091e818],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9phttpct.dll, , [5e54af8c601c280ef73e308d649d1fe1],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pidle.dll, , [991950ebabd178be0134f3cad0314bb5],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pmedint.exe, , [f3bf7fbcdd9f94a2a0952b92b44d04fc],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pmlbtn.dll, , [634f6dce08741323cf66e3daff0227d9],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pPlugin.dll, , [872be8539ddfe05687aed7e6d1307987],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9preghk.dll, , [b9f9f14a027a55e1b87d15a8f60b02fe],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pregiet.dll, , [5f539f9c5d1f6fc7d95c8b3289785aa6],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pscript.dll, , [f1c11e1d3943c472e94c9726bc450af6],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pskin.dll, , [8f231823c4b832042e07ab1241c0e917],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pskplay.exe, , [baf8003b611bca6cc471cfee41c0d927],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll, , [436fa695cdaf69cd9b9ae2dbfa071ee2],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrchMn.exe, , [cae8182389f32214ba7b6756d22f16ea],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9psrchmr.dll, , [3a7855e6bac22d093cf94b724fb215eb],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\APPINTEGRATORSTUB.DLL, , [248ed8638cf065d16fc69429bd441de3],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\AppIntegratorStub64.dll, , [b9f90932f5874de90332e0ddb948ab55],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\ASSISTMONITOR.DLL, , [a0123dfe89f3da5cfe3777466899b14f],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\ASSISTMONITOR64.DLL, , [961c35063d3f66d08baa3984ba47dc24],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\CREXT.DLL, , [842e46f5cab2f145bf76704d44bd35cb],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\CrExtP9p.exe, , [6151300b03794beba392b90451b07090],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\DPNMNGR.DLL, , [7c362e0d0d6f63d3dd58ba0326dbc43c],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\FF-NativeMessagingDispatcher.dll, , [07ab033865174ee8ed4884391ae75da3],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\HKFXMGR.DLL, , [476b5fdc84f8d363a095fdc0a55c9967],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\HKFXMGR64.DLL, , [5d5541fa5329ec4ace67efceb24f8e72],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\HPG.DLL, , [189add5e413b40f6d85dead3c04129d7],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\Hpg64.dll, , [fbb7e556f18bf4429c999a2343bef709],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\T8EPMSUP.DLL, , [0da5ad8e304cec4a40f54a73f40d0af6],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\T8EXTEX.DLL, , [b4fe74c7cdaf072ff3422f8efd04f10f],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\T8EXTPEX.DLL, , [0ba775c6adcf64d21b1aaf0e4bb633cd],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\T8HTML.DLL, , [258d300b5a221c1a77be4d70c33ece32],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\T8RES.DLL, , [7042af8c215b48eeea4b516ca65b7987],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\T8TICKER.DLL, , [169ca7942953f34395a08934cd34a15f],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\TOOLBARGUARD.DLL, , [69491e1d2b5137ffb97c8538b051c63a],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\TOOLBARGUARD64.DLL, , [40720833730994a22015a914fe03df21],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\VERIFY.DLL, , [c9e99e9db5c7ef473500aa13fd048977],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL, , [575b89b27dff5bdbea4b0cb147ba1de3],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL, , [f1c13b000e6eb680013414a902ff3bc5],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE, , [01b195a6c3b93ff7d85d3f7e0df4ac54],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_enable\ARBITER.DLL, , [3b7708335c202d09092ca51849b847b9],
PUP.Optional.MindSpark, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_enable\ARBITER64.DLL, , [c5edf843ee8e06304de8348919e839c7],
Trojan.Reveton, C:\_OTM\MovedFiles\11142014_213213\C_PROGRA~3\3330BE86.cpp, , [852d2d0e91ebe551126736ad04fd0ff1],
PUP.Optional.Inbox, E:\Program Files\Inbox Toolbar\Inbox.dll, , [d4de72c93745023480d953cf758ce41c],
PUP.Optional.Inbox, E:\Program Files\Inbox Toolbar\Inbox.exe, , [a30fe2590973ed4923360e14f908e818],
PUP.MailPassView, E:\Program Files\NirSoft\Mail PassView\mailpv.exe, , [733fd566e399c07607e55ff721e4916f],
PUP.Optional.AudioToAudioToolBar.A, E:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe, , [496990ab710b9c9a9e4ca68f8e7206fa],
PUP.Optional.MindSpark.A, E:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL, , [ecc656e50b715bdb96311339c63a41bf],
PUP.Optional.MindSpark.A, E:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL, , [3c7636052359ba7c735c89ee7590e21e],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9ptpinst.dll, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\BOOTSTRAP.JS, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\installKeys.js, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\LOGO.BMP, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\TPIMANAGERCONSOLE.EXE, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\assists\ie_enable\CONFIG.XML, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\assists\COMMON.T8S, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\gen1\COMMON.T8S, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\Message\COMMON.T8S, , [6d45ba811d5f71c54919e72648bb9e62],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\OnlineMapFinder_9p\bar\Settings\s_pid.dat, , [6d45ba811d5f71c54919e72648bb9e62],

Physical Sectors: 0
(No malicious items detected)


(end)

altrok

Re: Policejní virus znova

#20 Příspěvek od altrok »

:arrow: Dobre dopoledne. Vsechny nalezy krome ... presunte do karanteny/smazte

Kód: Vybrat vše

Trojan.Reveton, C:\_OTM\MovedFiles\11142014_213213\C_PROGRA~3\3330BE86.cpp, , [852d2d0e91ebe551126736ad04fd0ff1], 

:arrow: Please pack the file C:\_OTM\MovedFiles\11142014_213213\C_PROGRA~3\3330BE86.cpp into an archive, feel free to password-protect it, and upload it somewhere online (ulozto, leteckaposta.cz...) so that I can have a look at Zeman too. Do not run it!

:arrow: Then post a new FRST log. Leave all shields (AV, FW) switched on.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.

Kachnacicek

Re: Police virus again

#21 Post by Kachnacicek »

Damn, I have already moved it to quarantine together with the rest, is there any way to get it back out?

E:/ I've figured it out, just a second

E2:/ here it is, it should be without a password: http://leteckaposta.cz/818681436

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus again

#22 Post by altrok »

:arrow: Careful not to run the file!
  • Start MBAM 2.0
  • At the top, the History tab
  • On the left, the Quarantine item
  • select the entry C:\_OTM\MovedFiles\11142014_213213\C_PROGRA~3\3330BE86.cpp
  • click Restore
:arrow: Then post a new FRST log (on the second and subsequent runs you have to tick the Addition.txt option manually)

Kachnacicek

Re: Police virus again

#23 Post by Kachnacicek »

It is on leteckaposta, link above.


Log here, the FRST file. I'll add the Addition one if it is needed:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Petr (administrator) on PETR-PC on 14-11-2014 12:02:44
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr & UpdatusUser (Available profiles: Petr & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\vsnp325.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Windows\FixCamera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Petr\Desktop\frstlauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [snp325] => C:\Windows\vsnp325.exe [835584 2007-05-10] ()
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKU\S-1-5-21-3761197365-1669423621-406412778-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3761197365-1669423621-406412778-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.240.163.170 62.204.224.2

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3761197365-1669423621-406412778-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Petr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-12]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-05]
CHR Extension: (Peněženka Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10733184 2007-11-22] (Sonix Co. Ltd.)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 22:51 - 2014-11-14 09:38 - 00022670 _____ () C:\Windows\PFRO.log
2014-11-14 22:49 - 2014-11-14 22:50 - 00000000 ____D () C:\AdwCleaner
2014-11-14 22:49 - 2014-11-14 22:49 - 02140160 _____ () C:\Users\Petr\Downloads\adwcleaner_4.101.exe
2014-11-14 22:37 - 2014-11-14 12:02 - 00029696 _____ () C:\Users\Petr\AppData\Local\MSGBOX.EXE
2014-11-14 22:10 - 2014-11-14 22:10 - 02116608 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2014-11-14 22:10 - 2014-11-14 12:02 - 00000000 ____D () C:\FRST
2014-11-14 22:05 - 2014-11-14 22:05 - 00000000 __SHD () C:\Users\Petr\AppData\Local\EmieBrowserModeList
2014-11-14 21:32 - 2014-11-14 21:32 - 00000000 ____D () C:\_OTM
2014-11-14 20:49 - 2014-11-14 21:38 - 00000000 ____D () C:\Program Files\trend micro
2014-11-14 20:49 - 2014-11-14 20:53 - 00000000 ____D () C:\rsit
2014-11-14 20:48 - 2014-11-14 20:48 - 01222144 _____ () C:\Users\Petr\Downloads\RSITx64.exe
2014-11-14 19:14 - 2014-11-14 20:33 - 00000000 ____D () C:\NPE
2014-11-14 19:09 - 2014-11-14 20:44 - 00000000 ____D () C:\Users\Petr\AppData\Local\NPE
2014-11-14 19:09 - 2014-11-14 19:10 - 00000000 ____D () C:\ProgramData\Norton
2014-11-14 19:09 - 2014-11-14 19:09 - 03082384 ____N (Symantec Corporation) C:\Users\Petr\Downloads\NPE.exe
2014-11-14 19:06 - 2014-11-14 19:06 - 00000000 ____D () C:\Windows\pss
2014-11-14 12:02 - 2014-11-14 12:02 - 00015327 _____ () C:\Users\Petr\Desktop\LM.bat
2014-11-14 12:02 - 2014-11-14 12:02 - 00007322 _____ () C:\Users\Petr\Desktop\FRST.txt
2014-11-14 12:01 - 2014-11-14 12:01 - 00112640 _____ (forum.viry.cz) C:\Users\Petr\Desktop\frstlauncher.exe
2014-11-14 09:42 - 2014-11-14 11:47 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 09:42 - 2014-11-14 09:47 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 09:40 - 2014-11-14 09:40 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Šablony
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Soubory cookie
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Poslední
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Okolní tiskárny
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Okolní síť
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Nabídka Start
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Dokumenty
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Documents\Obrázky
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Documents\Hudba
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Documents\Filmy
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\Data aplikací
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Data aplikací
2014-11-14 09:40 - 2014-11-14 09:40 - 00000000 ____D () C:\Users\TEMP
2014-11-14 09:40 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 09:40 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 09:37 - 2014-11-14 09:37 - 00030088 _____ () C:\Users\Petr\Desktop\MAM.txt
2014-11-14 00:16 - 2014-11-14 11:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 00:15 - 2014-11-14 00:15 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-14 00:15 - 2014-11-14 00:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 00:15 - 2014-11-14 00:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-14 00:15 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-14 00:15 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-14 00:15 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-14 00:14 - 2014-11-14 00:15 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Petr\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 08:15 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 08:15 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 08:15 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:15 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:15 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:15 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 08:15 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:15 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:15 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:15 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:15 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:15 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 08:15 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 08:15 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:15 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:15 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 08:15 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 08:15 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:15 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:15 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:15 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 08:15 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 08:15 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 08:15 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 08:15 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 08:15 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:15 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 08:15 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 08:15 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 08:15 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 08:15 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 08:15 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:15 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 08:15 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 08:15 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:15 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 08:15 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:15 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:15 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 08:15 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:15 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:15 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 08:15 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 08:15 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 08:15 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:15 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 08:15 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 08:15 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 08:15 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 08:15 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:15 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:15 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 08:15 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 08:15 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 08:15 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 08:15 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 08:15 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 08:15 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 08:15 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 08:15 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 08:15 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:15 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:15 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:15 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:15 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 08:15 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 08:15 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 08:15 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 08:14 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:14 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 08:14 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:14 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 08:14 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 08:14 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 08:14 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:14 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:14 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:14 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:14 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 08:14 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:14 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:14 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 08:14 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 08:14 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 08:14 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:14 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 08:14 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 08:14 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 08:14 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 08:14 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 08:14 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 08:14 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 08:14 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 08:14 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 08:14 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 08:14 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 08:14 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 08:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 08:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 08:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-10 10:05 - 2014-11-10 10:05 - 00110504 _____ () C:\Users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 07:26 - 2014-11-14 09:38 - 00001776 _____ () C:\Windows\setupact.log
2014-11-10 07:26 - 2014-11-12 15:43 - 00413256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-10 07:26 - 2014-11-10 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-22 14:37 - 2014-10-22 14:37 - 00001202 _____ () C:\Users\Petr\Downloads\DPHDP3-0025943642-20141022-153730.xml
2014-10-22 14:37 - 2014-10-22 14:37 - 00001026 _____ () C:\Users\Petr\Downloads\DPHDP3-0025943642-20141022-152849-pracovni.xml
2014-10-16 10:00 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 10:00 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 10:00 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 10:00 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 10:00 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 10:00 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:59 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:59 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:59 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 09:59 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 09:59 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:59 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:59 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:59 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:59 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 09:59 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 09:59 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 09:59 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:59 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 09:53 - 2014-10-16 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 21:46 - 2013-09-12 23:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-14 21:30 - 2014-07-25 19:45 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-14 19:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-14 11:56 - 2013-09-18 13:04 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Skype
2014-11-14 11:52 - 2013-10-01 18:00 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 09:46 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 09:46 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 09:43 - 2011-04-12 09:34 - 00668542 _____ () C:\Windows\system32\perfh005.dat
2014-11-14 09:43 - 2011-04-12 09:34 - 00141202 _____ () C:\Windows\system32\perfc005.dat
2014-11-14 09:43 - 2009-07-14 06:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 09:42 - 2014-08-07 16:25 - 01652223 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 09:42 - 2013-09-12 18:05 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 09:42 - 2013-09-12 18:05 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 09:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 16:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 15:41 - 2014-05-06 19:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 13:15 - 2013-09-17 20:21 - 00000000 ____D () C:\Users\Petr\Documents\Outlook
2014-11-12 12:52 - 2013-10-01 18:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 12:52 - 2013-10-01 18:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 12:52 - 2013-10-01 18:00 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 14:55 - 2014-02-02 17:53 - 00000000 ____D () C:\Users\Petr\Desktop\PENSION PRACOVNÍ
2014-11-09 16:19 - 2013-10-04 13:10 - 00000000 ____D () C:\Users\Petr\Documents\honza
2014-11-09 09:25 - 2014-06-30 13:03 - 00002171 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-03 18:09 - 2013-10-12 15:03 - 00921624 _____ () C:\img2-001.raw
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-16 09:53 - 2013-09-18 13:04 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-16 09:53 - 2013-09-18 13:04 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Petr\AppData\Local\Temp\Quarantine.exe
C:\Users\Petr\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 08:50

==================== End Of Log ============================
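
The FRST log above is read by eye in this thread. As an added example (not part of the forum post and not FRST's own code), the Python helper below applies the same first-pass checks to a constructed excerpt in the FRST.txt layout: service or driver lines ending in "[X]", which FRST prints when the referenced file is not found on disk; entries whose publisher field is an empty "()", meaning no company name in the file's version information; and executables left in the user's Temp directory. The names triage, Finding and iter_entries are this example's own, and an empty publisher is a reason to look, not a verdict (the webcam driver vsnp325.exe in the log is a benign hit).

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not part of FRST and not code from the forum.
It walks a log in the FRST.txt layout and flags the entries a helper looks
at first.  An empty publisher field is a prompt to inspect, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the FRST.txt posted in the thread (shortened).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\vsnp325.exe
() C:\Windows\FixCamera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [snp325] => C:\Windows\vsnp325.exe [835584 2007-05-10] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]

Some content of TEMP:
====================
C:\Users\Petr\AppData\Local\Temp\Quarantine.exe
C:\Users\Petr\AppData\Local\Temp\sqlite3.dll

==================== End Of Log ============================
"""


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


SECTION_RE = re.compile(r"^=+ (.+?) =+$")           # "==== Name ===="
RULE_RE = re.compile(r"^=+$")                       # bare "====" under "Name:" headers
LEAD_PUBLISHER_RE = re.compile(r"^\(([^()]*)\) ")   # "(Publisher) path" in the Processes section
TRAIL_PUBLISHER_RE = re.compile(r"\(([^()]*)\)$")   # "... [size date] (Publisher)" elsewhere
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".sys")

MISSING_FILE = "referenced file missing ([X])"
NO_PUBLISHER = "no publisher in version info"
TEMP_EXECUTABLE = "executable in Temp"


def iter_entries(text):
    """Yield (section, line) for each body line, tracking FRST section headers."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "====" rules and FRST's "(If an entry is included ...)" notes.
        if not line or RULE_RE.match(line) or line.startswith("(If "):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.endswith(":") and "\\" not in line:  # e.g. "Some content of TEMP:"
            section = line[:-1]
            continue
        if section is not None:
            yield section, line


def publisher_of(section, line):
    """Return the publisher text ('' when FRST printed '()'), or None if absent."""
    if section.startswith("Processes"):
        m = LEAD_PUBLISHER_RE.match(line)
    else:
        m = TRAIL_PUBLISHER_RE.search(line)
    return m.group(1) if m else None


def triage(text):
    """Return the list of Findings for an FRST.txt body."""
    findings = []
    for section, line in iter_entries(text):
        if line.endswith("[X]"):
            findings.append(Finding(section, MISSING_FILE, line))
        elif publisher_of(section, line) == "":
            findings.append(Finding(section, NO_PUBLISHER, line))
        elif section.startswith("Some content of TEMP") and line.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(Finding(section, TEMP_EXECUTABLE, line))
    return findings


def summarize(findings):
    """Count findings per reason."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run against the constructed excerpt the helper reports two missing files (the disabled avast! firewall service and the aswKbd driver), four entries without a publisher and two executables in Temp; on a full FRST.txt the same three rules give a short list to check by hand before anything goes into a fixlist.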

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus again

#24 Post by altrok »

:arrow: Thanks for the sample... I'll examine it after lunch

:arrow: Post Addition.txt too

Kachnacicek

Re: Police virus again

#25 Post by Kachnacicek

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Petr at 2014-11-14 12:03:15
Running from C:\Users\Petr\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

325 USB PC Camera (HKLM-x32\...\{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}) (Version: 0.6.0.001 - Sonix)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Malwarebytes Anti-Malware verze 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA Ovladače grafiky 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Ovládací panel NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Unity Web Player (HKU\S-1-5-21-3761197365-1669423621-406412778-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

28-10-2014 07:03:43 Windows Update
31-10-2014 07:33:28 Windows Update
04-11-2014 07:32:39 Windows Update
07-11-2014 08:07:24 Windows Update
11-11-2014 08:41:47 Windows Update
12-11-2014 15:29:25 Windows Update
14-11-2014 20:30:21 Removed Skype Click to Call

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-14 22:37 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {25756B1B-042D-46F4-8831-C565B8B29535} - System32\Tasks\{46EFE624-7479-4367-888B-DC2DDEC09257} => Iexplore.exe http://ui.skype.com/ui/0/6.16.0.105/cs/ ... age=tsMain
Task: {32982B74-126F-4C6A-9CB9-CFFC6A7DF556} - System32\Tasks\{69850C83-440A-4574-B4B1-2F096A3D03F4} => C:\Users\Petr\Desktop\AdbeRdr11006_en_US.exe
Task: {3E989801-E155-4612-A09C-DAD4F89ED53B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3761197365-1669423621-406412778-1000
Task: {781344A5-D65B-4203-A1A5-BCB86EBE1EB1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {7CE11444-D452-4561-B294-A4E75268BA03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {9F1EBDB1-D73D-4BD0-A39B-7BD290C41F4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {E5FC9340-F59A-469F-81D9-71408C4B1792} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {FC4D1D60-B54C-42D8-9274-06364ECF31CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {FDAEAC68-B943-47EB-A289-437B2B6DCC98} - System32\Tasks\{B8841227-FB1C-418D-97EC-159FCCDC6A99} => Chrome.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-12 23:50 - 2013-01-31 10:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-18 12:58 - 2007-05-10 12:18 - 00835584 _____ () C:\Windows\vsnp325.exe
2013-09-18 12:58 - 2007-07-11 15:09 - 00020480 _____ () C:\Windows\FixCamera.exe
2014-08-04 17:46 - 2014-08-04 17:46 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-14 19:09 - 2014-11-14 19:09 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14111400\algo.dll
2014-08-04 17:46 - 2014-08-04 17:46 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-29 15:05 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 15:05 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 15:05 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 15:05 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: tsnp325 => C:\Windows\tsnp325.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3761197365-1669423621-406412778-500 - Administrator - Disabled)
Guest (S-1-5-21-3761197365-1669423621-406412778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3761197365-1669423621-406412778-1002 - Limited - Enabled)
Petr (S-1-5-21-3761197365-1669423621-406412778-1000 - Administrator - Enabled) => C:\Users\Petr
UpdatusUser (S-1-5-21-3761197365-1669423621-406412778-1004 - Limited - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 09:40:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Petr-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (11/14/2014 09:40:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Petr-PC)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed-up profile the next time this user logs on.

Error: (11/14/2014 09:40:52 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Petr-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (11/14/2014 09:40:52 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\UpdatusUser\ntuser.dat

Error: (11/14/2014 09:40:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:39:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 08:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RSITx64.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ebc

Start Time: 01d0004412a4f6d4

Termination Time: 0

Application Path: C:\Users\Petr\Downloads\RSITx64.exe

Report Id:

Error: (11/12/2014 08:08:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 09:39:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/14/2014 09:38:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswKbd

Error: (11/14/2014 09:38:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (11/14/2014 10:51:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswKbd

Error: (11/14/2014 10:51:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (11/14/2014 10:38:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswKbd

Error: (11/14/2014 10:38:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (11/14/2014 10:38:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMI service terminated with the following error:
%%126

Error: (11/14/2014 10:38:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/14/2014 10:37:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/14/2014 10:37:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 280 Processor
Percentage of memory in use: 34%
Total physical RAM: 4094.12 MB
Available physical RAM: 2672.97 MB
Total Pagefile: 8186.41 MB
Available Pagefile: 6509.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:878.02 GB) NTFS
Drive d: (Ubuntu 12.10 amd) (CDROM) (Total:0.75 GB) (Free:0 GB) CDFS
Drive e: () (Fixed) (Total:149.04 GB) (Free:102.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: E425E425)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 27E0F948)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Have a look at Zeman, enjoy your lunch.

altrok

Re: Police virus again

#26 Post by altrok

:arrow: Thank you, lunch was very tasty :D

:arrow: Permanently disable Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7

:arrow: Test C:\Users\Petr\Desktop\AdbeRdr11006_en_US.exe on virustotal.com

:arrow: I would also recommend uninstalling Google Toolbar

:arrow: Just check that your firewall is on... Start -> Control Panel -> Action Center

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the Desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    2014-11-14 22:37 - 2014-11-14 12:02 - 00029696 _____ () C:\Users\Petr\AppData\Local\MSGBOX.EXE
    Hosts:
    EmptyTemp:
    End
    
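
An added triage script for the logs in this thread (example code written for this edit; it is not part of the thread, of FRST or of Farbar's tooling). It takes FRST lines of the two kinds the moderator copied into the fixlist above, "Task:" entries from the Scheduled Tasks section and timestamped file entries, flags the ones a practitioner would look at first, and prints them verbatim in the shape a fixlist takes. The flags are my assumptions, not FRST rules: a task whose target sits in a user-writable location (C:\Users, C:\ProgramData, C:\Windows\Temp), a task that runs a bare command name such as Chrome.exe rather than a fixed path, a GUID-named task for which FRST printed no file date and publisher, and an executable in a user-writable location with an empty publisher field. The sample lines are copied from the logs posted above. A fixlist is destructive (the fixlog later in the thread shows files being moved and the hosts file reset), so every hit still needs a manual check, such as the VirusTotal lookup asked for above, before it goes into one.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not a tool from the thread, from FRST or from Farbar.
Parses the two kinds of lines the moderator copied into the fixlist above
("Task:" entries and timestamped file entries), flags the ones worth a closer
look, and prints them verbatim in the shape an FRST fixlist expects.
The flags are assumptions, not FRST rules; check every hit by hand first.
"""
import re
from dataclasses import dataclass, field

# Task line, in the two shapes FRST prints:
#   Task: {GUID} - System32\Tasks\Name => command [YYYY-MM-DD] (Publisher)
#   Task: C:\Windows\Tasks\Name.job => command
TASK_RE = re.compile(
    r"^Task:\s+(?P<id>\{[0-9A-Fa-f-]{36}\}|C:\\Windows\\Tasks\\.+?\.job)"
    r"(?:\s+-\s+(?P<name>System32\\Tasks\\.+?))?"
    r"(?:\s+=>\s+(?P<cmd>.+?))?"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<pub>[^)]*)\))?\s*$"
)
# File line: created - modified - size attrs (Publisher) path ; the publisher part may be absent
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<pub>[^)]*)\) )?(?P<path>.+?)\s*$"
)

# Assumed heuristics: locations any user process can write to, and extensions that execute.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")


@dataclass
class Finding:
    line: str      # the FRST line, verbatim: this is what a fixlist takes
    kind: str      # "task" or "file"
    target: str    # command or path
    flags: list = field(default_factory=list)


def _user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE)


def triage_task(line: str):
    """Return a Finding for a 'Task:' line, or None if the line is not one."""
    m = TASK_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    f = Finding(line, "task", cmd or "")
    if cmd is None:
        f.flags.append("no-target")        # FRST printed no command at all
        return f
    # FRST does not quote paths, so only the first token is examined; enough for a location check.
    exe = cmd.split(" ", 1)[0]
    if "\\" not in exe:
        f.flags.append("bare-command")     # resolved through PATH / App Paths, not a fixed file
    elif _user_writable(exe):
        f.flags.append("user-writable-target")
    if m.group("id").startswith("{") and m.group("pub") is None:
        f.flags.append("no-file-info")     # GUID task without the [date] (publisher) suffix
    return f


def triage_file(line: str):
    """Return a Finding for a timestamped file line, or None if the line is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    f = Finding(line, "file", path)
    if path.lower().endswith(EXEC_EXT) and _user_writable(path) and not m.group("pub"):
        f.flags.append("unsigned-exe-in-user-path")
    return f


def triage(lines):
    """Findings that carry at least one flag, in input order."""
    hits = []
    for line in lines:
        f = triage_task(line) or triage_file(line)
        if f and f.flags:
            hits.append(f)
    return hits


def build_fixlist(hits):
    """Wrap flagged lines in the fixlist shape used in this thread. A draft: review before running."""
    return "\n".join(["Start", "CloseProcesses:", *[h.line for h in hits], "Hosts:", "EmptyTemp:", "End"])


# Sample input: lines copied from the logs posted above.
SAMPLE = [
    r"Task: {25756B1B-042D-46F4-8831-C565B8B29535} - System32\Tasks\{46EFE624-7479-4367-888B-DC2DDEC09257} => Iexplore.exe http://ui.skype.com/ui/0/6.16.0.105/cs/ ... age=tsMain",
    r"Task: {32982B74-126F-4C6A-9CB9-CFFC6A7DF556} - System32\Tasks\{69850C83-440A-4574-B4B1-2F096A3D03F4} => C:\Users\Petr\Desktop\AdbeRdr11006_en_US.exe",
    r"Task: {781344A5-D65B-4203-A1A5-BCB86EBE1EB1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)",
    r"Task: {FDAEAC68-B943-47EB-A289-437B2B6DCC98} - System32\Tasks\{B8841227-FB1C-418D-97EC-159FCCDC6A99} => Chrome.exe",
    r"Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"2014-11-14 22:37 - 2014-11-14 12:02 - 00029696 _____ () C:\Users\Petr\AppData\Local\MSGBOX.EXE",
    r"2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe",
    r"2009-07-14 03:34 - 2014-11-14 22:37 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts",
]

if __name__ == "__main__":
    for h in triage(SAMPLE):
        print(f"{h.kind:4} {','.join(h.flags):34} {h.target}")
    print(build_fixlist(triage(SAMPLE)))
```

On the sample input the script flags the two GUID tasks that run bare Iexplore.exe and Chrome.exe, the task that points at the installer on the user's Desktop, and the unsigned MSGBOX.EXE under AppData, and leaves the avast, Google and Microsoft entries alone; the draft fixlist it prints has the same Start / CloseProcesses: / lines / Hosts: / EmptyTemp: / End layout as the one the moderator posted.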

Kachnacicek

Re: Police virus again

#27 Post by Kachnacicek

Good for you, so what did you have? :D

Toolbar uninstalled, Defender turned off, firewall turned on. I just could not find that file on the Desktop, though.

Log here:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Petr at 2014-11-14 12:50:30 Run:2
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr & UpdatusUser (Available profiles: Petr & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-11-14 22:37 - 2014-11-14 12:02 - 00029696 _____ () C:\Users\Petr\AppData\Local\MSGBOX.EXE
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\Petr\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 35.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

altrok

Re: Police virus again

#28 Post by altrok

:arrow: Dumplings, pork and sauerkraut... nicely done, home-grown ingredients only... as the saying goes these days, a so-called BIO product :D so that I run well at football later :D

:arrow: Let's not worry about the file on the Desktop :)

:arrow: The extorting Zeman has been banished, so we will still tidy up.
And if there are no questions or other problems, that is all from me.

Kachnacicek

Re: Police virus again

#29 Post by Kachnacicek

So you treated yourself

That will be all, I will just ask one more thing: can I uninstall MBAM?

Thank you very much for everything, have a nice Saturday

altrok

Re: Police virus again

#30 Post by altrok

:arrow: You can uninstall MBAM or keep it (here we use it precisely as a one-off scan)... it should not conflict with anything on the PC.

:arrow: You're welcome, glad I could help


:arrow: Have a pleasant long weekend... take care, and maybe see you again sometime

Locked