Prosim o kontrolu

[Barthez01]

Zdravím,
prosím o kontrolu hlavně kvůli hlášení z Kaspersky Internet Security:

"Hlavní skript analýzy
Microsoft Windows, verze: Windows 7 Professional, Build=7601, SP="Service Pack 1"
Obnovení systému: povoleno
>>> C:\Windows\system32\explorer.exe Heuristická analýza systému: podezření na Soubor s podezřelým názvem (vysoký stupeň pravděpodobnosti)
>>> C:\Windows\system32\user.exe Heuristická analýza systému: podezření na Soubor s podezřelým názvem (CH) (vysoký stupeň pravděpodobnosti)
>> Služby: je povolena služba, kterou lze zločinným způsobem použít k poškození počítače nebo detekci osobních dat TermService (Vzdálená plocha)
>> Služby: je povolena služba, kterou lze zločinným způsobem použít k poškození počítače nebo detekci osobních dat SSDPSRV (SSDP Discovery)
>> Služby: je povolena služba, kterou lze zločinným způsobem použít k poškození počítače nebo detekci osobních dat Schedule (Plánovač úloh)
> Služby: sada služeb závisí na tom, kde se počítač používá (doma, ve firemní síti nebo jinde)!"



Logfile of random's system information tool 1.10 (written by random/random)
Run by Uživatel at 2014-11-21 06:58:08
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 14 GB (27%) free of 50 GB
Total RAM: 8181 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:58:18, on 21.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Program Files\trend micro\Uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7701 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe" -r
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE"
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE !hide Canon LBP6020
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe" -hidden /prefetch:1
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3484.162f18e0.459620096 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3484 "\\.\pipe\gecko-crash-server-pipe.3484" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe" --proxy-stub-channel=Flash2128.66D0E980.13906 --host-broker-channel=Flash2128.66D0E980.15584 --host-pid=2128 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe" --channel=3420.0026F4B4.951385129 --proxy-stub-channel=Flash2128.66D0E980.13906 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll" --host-npapi-version=27 --type=renderer
"C:\Users\Uživatel\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\t6ybe59w.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07 209504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-10-07 800448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-07 1499968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-10-07 550080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-10-07 996544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-10-07 655040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-07 1238336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-10-07 455360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-10-07 798912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07 6133848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07 4439128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 363544]
"CNAP2 Launcher"=C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-10-14 226784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2014-07-25 1562264]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-07-25 311616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-21 06:58:09 ----D---- C:\Program Files\trend micro
2014-11-21 06:58:08 ----D---- C:\rsit
2014-11-19 06:39:06 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2014-11-19 06:39:06 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-19 06:39:06 ----A---- C:\Windows\system32\pku2u.dll
2014-11-19 06:39:06 ----A---- C:\Windows\system32\kerberos.dll
2014-11-12 11:32:43 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-11-12 11:32:43 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-11-12 11:32:43 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-11-12 11:32:43 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-11-12 11:32:43 ----A---- C:\Windows\system32\termsrv.dll
2014-11-12 11:32:43 ----A---- C:\Windows\system32\msaudite.dll
2014-11-12 11:32:43 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-12 11:32:43 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-12 11:32:43 ----A---- C:\Windows\system32\adtschema.dll
2014-11-12 11:32:38 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-11-12 11:32:38 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-11-12 11:32:38 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-11-12 11:32:38 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-11-12 11:32:38 ----A---- C:\Windows\system32\iernonce.dll
2014-11-12 11:32:38 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-12 11:32:38 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-12 11:32:38 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-12 11:32:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-11-12 11:32:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-11-12 11:32:37 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-11-12 11:32:37 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 11:32:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-11-12 11:32:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 11:32:36 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-11-12 11:32:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-11-12 11:32:36 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-11-12 11:32:36 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-11-12 11:32:36 ----A---- C:\Windows\system32\urlmon.dll
2014-11-12 11:32:36 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 11:32:36 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-12 11:32:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-11-12 11:32:35 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-11-12 11:32:35 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-11-12 11:32:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-11-12 11:32:35 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-11-12 11:32:35 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 11:32:35 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-12 11:32:35 ----A---- C:\Windows\system32\iesetup.dll
2014-11-12 11:32:35 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-12 11:32:34 ----A---- C:\Windows\system32\iertutil.dll
2014-11-12 11:32:34 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-12 11:32:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-11-12 11:32:33 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-11-12 11:32:33 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-11-12 11:32:33 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-11-12 11:32:33 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-11-12 11:32:33 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-11-12 11:32:33 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-12 11:32:33 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-12 11:32:32 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-12 11:32:32 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-12 11:32:32 ----A---- C:\Windows\system32\ieui.dll
2014-11-12 11:32:32 ----A---- C:\Windows\system32\ieframe.dll
2014-11-12 11:32:32 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-12 11:32:31 ----A---- C:\Windows\system32\wininet.dll
2014-11-12 11:32:31 ----A---- C:\Windows\system32\vbscript.dll
2014-11-12 11:32:31 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-12 11:32:31 ----A---- C:\Windows\system32\jscript9.dll
2014-11-12 11:32:30 ----A---- C:\Windows\system32\msrating.dll
2014-11-12 11:32:30 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-12 11:32:30 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 11:31:06 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-11-12 11:31:06 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-11-12 11:31:06 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-12 11:31:06 ----A---- C:\Windows\system32\msxml3.dll
2014-11-12 11:31:05 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2014-11-12 11:31:05 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-12 11:31:04 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-11-12 11:31:04 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-11-12 11:31:04 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-11-12 11:31:04 ----A---- C:\Windows\system32\EncDump.dll
2014-11-12 11:31:04 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-12 11:31:04 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-12 11:31:04 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-12 11:31:04 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-12 11:31:00 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-11-12 11:31:00 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-11-12 11:31:00 ----A---- C:\Windows\system32\schannel.dll
2014-11-12 11:31:00 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-12 11:30:59 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-11-12 11:30:59 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-11-12 11:30:59 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-11-12 11:30:59 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-11-12 11:30:59 ----A---- C:\Windows\system32\wdigest.dll
2014-11-12 11:30:59 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-12 11:30:59 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-12 11:30:59 ----A---- C:\Windows\system32\credssp.dll
2014-11-12 11:25:13 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-11-12 11:25:13 ----A---- C:\Windows\system32\packager.dll
2014-11-12 11:25:12 ----A---- C:\Windows\system32\win32k.sys
2014-11-12 11:25:11 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-11-12 11:25:11 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-11 14:56:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-23 17:27:14 ----D---- C:\Users\Uživatel\AppData\Roaming\WinRAR
2014-10-23 17:26:57 ----D---- C:\Program Files\WinRAR

======List of files/folders modified in the last 1 month======

2014-11-21 06:58:18 ----D---- C:\Windows\Prefetch
2014-11-21 06:58:13 ----D---- C:\Windows\Temp
2014-11-21 06:58:09 ----RD---- C:\Program Files
2014-11-21 06:55:50 ----D---- C:\ProgramData\Kaspersky Lab
2014-11-21 06:44:54 ----D---- C:\Windows\system32\config
2014-11-21 06:31:12 ----SHD---- C:\System Volume Information
2014-11-19 10:41:54 ----D---- C:\Windows\winsxs
2014-11-19 10:41:29 ----D---- C:\Windows\SysWOW64
2014-11-19 10:41:29 ----D---- C:\Windows\System32
2014-11-19 06:38:07 ----D---- C:\Windows\system32\catroot
2014-11-19 06:38:06 ----D---- C:\Windows\system32\catroot2
2014-11-12 20:26:27 ----D---- C:\Windows\rescache
2014-11-12 17:26:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-11-12 15:16:15 ----RSD---- C:\Windows\assembly
2014-11-12 15:16:15 ----D---- C:\Windows\Microsoft.NET
2014-11-12 14:44:11 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-12 14:44:11 ----D---- C:\Windows\system32\cs-CZ
2014-11-12 14:44:09 ----D---- C:\Windows\system32\drivers
2014-11-12 14:44:09 ----D---- C:\Program Files\Internet Explorer
2014-11-12 14:44:08 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-12 14:44:07 ----D---- C:\Windows\system32\en-US
2014-11-12 14:44:04 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 12:24:39 ----SHD---- C:\Windows\Installer
2014-11-12 12:23:19 ----D---- C:\Windows\inf
2014-11-12 12:23:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-12 12:21:39 ----D---- C:\Windows\system32\MRT
2014-11-12 12:20:14 ----A---- C:\Windows\system32\MRT.exe
2014-11-12 10:13:15 ----RD---- C:\Program Files (x86)
2014-11-12 10:13:14 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-04 14:30:58 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-10-07 458336]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2014-10-07 625248]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2013-10-20 29792]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 15456]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2013-05-14 55904]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-10-07 178272]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-10-07 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-10-20 29280]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2014-06-16 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2014-06-16 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2014-06-16 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2014-06-16 158024]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S4 klflt;klflt; C:\Windows\system32\DRIVERS\klflt.sys [2014-10-07 115296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-20 214512]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-11 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-09 1255736]

-----------------EOF-----------------

[altrok]

Dobry den

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Clean
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=137928

• Upozorneni: tento sken zabere od 30 minut po nekolik hodin

[Barthez01]

Log z adwCleaner:

# AdwCleaner v4.101 - Report created 21/11/2014 at 18:46:54
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Uživatel - PC
# Running from : C:\Users\Uživatel\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Myfree Codec

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 cs)


*************************

AdwCleaner[R0].txt - [1735 octets] - [21/11/2014 18:21:40]
AdwCleaner[S0].txt - [1628 octets] - [21/11/2014 18:46:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1688 octets] ##########

[Barthez01]

Log z MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.11.2014
Scan Time: 18:55:52
Logfile: log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.21.11
Rootkit Database: v2014.11.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: UA3ivatel

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 421402
Time Elapsed: 50 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[altrok]

Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[Barthez01]

Log FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Uživatel (administrator) on PC on 21-11-2014 20:04:43
Running from C:\Users\Uživatel\Desktop
Loaded Profile: Uživatel (Available profiles: Uživatel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABFSWK.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2794215358-1274547333-1573782362-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2794215358-1274547333-1573782362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.254

FireFox:
========
FF ProfilePath: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\t6ybe59w.default
FF Homepage: hxxp://www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-10-07]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/deta ... ddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-20] (Kaspersky Lab ZAO)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-10-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-10-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-20] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-07] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-20] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-10-07] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 20:04 - 2014-11-21 20:05 - 00010319 _____ () C:\Users\Uživatel\Desktop\FRST.txt
2014-11-21 20:02 - 2014-11-21 20:04 - 00000000 ____D () C:\FRST
2014-11-21 20:02 - 2014-11-21 20:02 - 02117632 _____ (Farbar) C:\Users\Uživatel\Desktop\FRST64.exe
2014-11-21 18:54 - 2014-11-21 18:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 18:54 - 2014-11-21 18:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-21 18:54 - 2014-11-21 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-21 18:54 - 2014-11-21 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-21 18:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 18:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 18:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 18:53 - 2014-11-21 18:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Uživatel\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-21 18:21 - 2014-11-21 18:46 - 00000000 ____D () C:\AdwCleaner
2014-11-21 18:20 - 2014-11-21 18:20 - 02140160 _____ () C:\Users\Uživatel\Desktop\adwcleaner_4.101.exe
2014-11-21 06:58 - 2014-11-21 06:58 - 00000000 ____D () C:\rsit
2014-11-21 06:58 - 2014-11-21 06:58 - 00000000 ____D () C:\Program Files\trend micro
2014-11-21 06:56 - 2014-11-21 06:56 - 01222144 _____ () C:\Users\Uživatel\Downloads\RSITx64.exe
2014-11-19 06:39 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 06:39 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 06:39 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 06:39 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-12 11:32 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 11:32 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 11:32 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:32 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:32 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 11:32 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 11:32 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:32 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 11:32 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 11:32 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:32 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:32 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 11:32 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:32 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:32 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 11:32 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 11:32 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 11:32 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:32 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 11:32 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:32 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 11:32 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 11:32 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 11:32 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 11:32 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 11:32 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 11:32 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 11:32 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 11:32 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 11:32 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 11:32 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 11:32 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:32 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 11:32 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 11:32 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:32 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 11:32 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 11:32 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:32 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 11:32 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 11:32 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:32 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 11:32 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 11:32 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 11:32 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:32 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 11:32 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 11:32 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 11:32 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 11:32 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:32 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:32 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 11:32 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 11:32 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 11:32 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 11:32 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 11:32 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 11:32 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:32 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:32 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:32 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:32 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 11:32 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 11:32 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 11:32 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 11:31 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 11:31 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 11:31 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 11:31 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 11:31 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 11:31 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 11:31 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 11:31 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 11:31 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 11:31 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 11:31 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 11:31 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 11:31 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 11:31 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 11:31 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 11:31 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 11:31 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 11:31 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 11:30 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 11:30 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 11:30 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 11:30 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 11:30 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 11:30 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 11:30 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 11:30 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 11:25 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 11:25 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 11:25 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 11:25 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 11:25 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 00:25 - 2014-11-08 00:25 - 05927424 _____ () C:\Users\Uživatel\Downloads\cenik_08_11_2014.xls
2014-11-04 23:19 - 2014-11-04 23:19 - 00700928 _____ () C:\Users\Uživatel\Downloads\taxonomy.cs-CZ.xls
2014-11-02 14:37 - 2014-11-02 15:28 - 00000000 ____D () C:\Users\Uživatel\Desktop\Baron.cz
2014-11-01 20:58 - 2014-11-21 13:02 - 00013824 _____ () C:\Users\Uživatel\Desktop\sklad.xls
2014-10-26 17:08 - 2014-10-26 20:44 - 00000000 ____D () C:\Users\Uživatel\Documents\Texty cdVet
2014-10-23 17:27 - 2014-10-23 17:27 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\WinRAR
2014-10-23 17:27 - 2014-10-23 17:27 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-23 17:27 - 2014-10-23 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-23 17:26 - 2014-10-23 17:27 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-23 17:26 - 2014-10-23 17:26 - 01943128 _____ () C:\Users\Uživatel\Downloads\winrar-x64-511cz.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 20:02 - 2014-10-07 15:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-21 19:21 - 2014-09-17 16:46 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 18:55 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 18:55 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 18:51 - 2014-09-09 09:47 - 01935601 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 18:47 - 2010-11-21 04:47 - 00849942 _____ () C:\Windows\PFRO.log
2014-11-21 18:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 18:47 - 2009-07-14 05:51 - 00033408 _____ () C:\Windows\setupact.log
2014-11-13 22:51 - 2009-07-14 06:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 17:26 - 2014-09-17 16:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 17:26 - 2014-09-17 16:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 17:26 - 2014-09-17 16:46 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 14:46 - 2009-07-14 05:45 - 00292728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 12:23 - 2011-04-12 09:34 - 00631054 _____ () C:\Windows\system32\perfh005.dat
2014-11-12 12:23 - 2011-04-12 09:34 - 00121708 _____ () C:\Windows\system32\perfc005.dat
2014-11-12 12:23 - 2009-07-14 06:13 - 01489048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 12:21 - 2014-09-09 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 12:20 - 2014-09-09 11:00 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 10:13 - 2014-09-12 17:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-22 14:28 - 2014-09-09 10:03 - 00000000 ____D () C:\Users\Uživatel

Some content of TEMP:
====================
C:\Users\Uživatel\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Uživatel\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Uživatel\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Uživatel\AppData\Local\Temp\Quarantine.exe
C:\Users\Uživatel\AppData\Local\Temp\sqlite3.dll
C:\Users\Uživatel\AppData\Local\Temp\~5D3C.exe
C:\Users\Uživatel\AppData\Local\Temp\~6C76.exe
C:\Users\Uživatel\AppData\Local\Temp\~6F3.exe
C:\Users\Uživatel\AppData\Local\Temp\~7480.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 10:09

==================== End Of Log ============================

[Barthez01]

Log Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Uživatel at 2014-11-21 20:05:24
Running from C:\Users\Uživatel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon LBP6020 (HKLM\...\Canon LBP6020) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware verze 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 cs)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 cs)) (Version: 31.2.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-2794215358-1274547333-1573782362-1000\...\MyFreeCodec) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{43245B34-BAEA-4716-B877-38E7E7026698}) (Version: 4.10.9764 - Apache Software Foundation)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2BA16FE1-EF0E-4FC4-8D32-391B4A4AD5F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-05-28 12:57 - 2014-07-25 09:39 - 00036864 _____ () C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2014-05-28 12:58 - 2014-07-25 09:40 - 14937600 _____ () C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll
2014-05-28 12:58 - 2014-07-25 09:39 - 00594944 _____ () C:\Program Files (x86)\Samsung\Kies\Common\Kies.UI.dll
2014-05-28 12:57 - 2014-07-25 09:39 - 00023040 _____ () C:\Program Files (x86)\Samsung\Kies\MVVM\Kies.MVVM.dll
2014-04-30 18:43 - 2014-04-30 18:43 - 00057856 _____ () C:\Program Files (x86)\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2014-11-11 14:56 - 2014-11-11 14:56 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-12 17:26 - 2014-11-12 17:26 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2794215358-1274547333-1573782362-500 - Administrator - Disabled)
Guest (S-1-5-21-2794215358-1274547333-1573782362-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2794215358-1274547333-1573782362-1002 - Limited - Enabled)
Uživatel (S-1-5-21-2794215358-1274547333-1573782362-1000 - Administrator - Enabled) => C:\Users\Uživatel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 06:49:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 00:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 06:32:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 02:33:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 10:56:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 06:42:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 03:26:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:43:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 06:35:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 02:11:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/21/2014 06:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/21/2014 06:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/21/2014 06:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (11/21/2014 06:46:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/21/2014 06:04:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (11/20/2014 02:43:09 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (11/18/2014 05:13:53 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (11/15/2014 10:04:42 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (11/14/2014 06:27:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (11/13/2014 09:48:09 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.


Microsoft Office Sessions:
=========================
Error: (11/21/2014 06:49:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 00:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 06:32:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 02:33:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 10:56:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 06:42:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 03:26:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:43:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 06:35:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 02:11:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-11-21 19:12:26.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 19:12:26.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 19:12:26.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 18:58:22.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 18:58:22.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 18:58:22.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 18:17:24.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 18:17:24.237
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 18:17:24.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-21 18:17:24.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
Percentage of memory in use: 31%
Total physical RAM: 8181.49 MB
Available physical RAM: 5642.54 MB
Total Pagefile: 16361.16 MB
Available Pagefile: 13573.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:13.71 GB) NTFS
Drive d: () (Fixed) (Total:104.55 GB) (Free:103.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 153.4 GB) (Disk ID: EC26907F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[altrok]

Vypnete trvale Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
  ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
  FF Plugin: @microsoft.com/GENUINE -> disabled No File
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
  2014-11-21 06:58 - 2014-11-21 06:58 - 00000000 ____D () C:\Program Files\trend micro
  Hosts:
  EmptyTemp:
  End
  

[Barthez01]

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by Uživatel at 2014-11-21 20:29:58 Run:1
Running from C:\Users\Uživatel\Desktop
Loaded Profile: Uživatel (Available profiles: Uživatel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2014-11-21 06:58 - 2014-11-21 06:58 - 00000000 ____D () C:\Program Files\trend micro
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files\trend micro => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[altrok]

Preventivka je u konce. Z zadneho z logu neni videt infekce, takze Vas Kaspersky ochranil. Ja tedy po sobe uklidim.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[Barthez01]

Mám problém s aktualizací Kaspersky Internet Security. Od 12.11.2014 mi nejde aktualizace. Aktualizační soubory se stáhnout, ale všechny soubory se nepodaří aktualizovat.

Nevíte, co s tím?

[altrok]

S timto se obratte na podporu Kasperskeho.