PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Problem with the iexplore.exe virus

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Problem with the iexplore.exe virus

#1 Post by judasmj »

I have a problem with my notebook. From what I have read and found out, it is probably caused by the iexplore.exe virus that is on my PC. Using RogueKiller (which I downloaded and ran a scan with) I obtained the following log:

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Rybníček [Práva správce]
Mód : Prohledat -- Datum : 11/28/2014 11:01:48

¤¤¤ Procesy : 4 ¤¤¤
[Suspicious.Path] szndesktop.exe -- C:\Users\Rybníček\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] listicka-x64.exe -- C:\Users\Rybníček\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe[7] -> Zastaveno [TermThr]
[Proc.Injected] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Zastaveno [TermProc]
[Proc.Injected] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Zastaveno [TermProc]

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Rybníček\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Rybníček\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Rybníček\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Rybníček\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000036b]) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] r0khhi41.default-1415865473570 : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] c93fbd7222e2ca2f4eaedcb32666706b
[BSP] 5cdcb7e21c7b43a7b8106ea934a29875 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 287534 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 589486080 | Size: 15360 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 620943360 | Size: 2043 MB
User = LL1 ... OK
User = LL2 ... OK

Could someone please help me?
Thank you

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the iexplore.exe virus

#2 Post by vyosek »

Hello :)

Please post a log from FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Re: Problem with the iexplore.exe virus

#3 Post by judasmj »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Rybníček (administrator) on HP on 28-11-2014 21:52:01
Running from C:\Users\Rybníček\Downloads
Loaded Profile: Rybníček (Available profiles: Rybníček & děcka & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2012-05-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-04-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-01] (Google Inc.)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Google Update] => "C:\Users\Rybníček\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1251328 2014-05-23] (Informer Technologies, Inc.)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-3087643151-4065238412-3609415455-1005\User: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... C1DEA82F6C}
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.as ... }&srch=dsp
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {09C6C372-9F8F-456E-8061-7253A0BA6369} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=make&s={searchTerms}&f=4
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 170BEC1550
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {342294F9-CDBB-4AEF-A926-E83B4CBD46FE} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {3674A15D-2E74-4FE1-B0E8-6605A88885B9} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {442AB0FD-D8B5-4C37-9F3B-A26E52A4DBB8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = http://search.alot.com/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {815E58F7-985A-4CFD-954A-9F68CC6283F4} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {B533207A-3DB8-4B27-80ED-72619561C706} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {BDA4E7D3-18F9-41F5-BE45-9609B2A8B948} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {D78B7974-0771-4CDA-B2B1-7A410783E8AD} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {E663DA7A-8F11-42C4-AB70-03C6AA94B6D8} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {E82D9284-47B4-4829-A611-A17CB452F8F9} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... C1DEA82F6C}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/a ... oader6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570
FF Homepage: https://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3087643151-4065238412-3609415455-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Rybníček\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3087643151-4065238412-3609415455-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Rybníček\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Seznam lištička - C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-29]
FF Extension: No Name - C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\extensions\sepherdwilbur@aol.com [Not Found]
FF Extension: No Name - sepherdwilbur@aol.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Rybníček\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rybníček\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Rybníček\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (SweetIM for Facebook) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-10-20]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-07-11]
CHR Extension: (Peněženka Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2012-10-20]
CHR Extension: (Gmail) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-10-20]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-04-29]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-10-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2010-09-19] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2010-09-19] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-03] (Symantec Corporation)
S2 PCSpeedUpService; C:\Program Files\Zrychleni Pocitace\PCSpeedUpService.exe [37600 2011-05-17] (Speedchecker)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-04-27] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-28] ()
U2 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 21:52 - 2014-11-28 21:57 - 00026302 _____ () C:\Users\Rybníček\Downloads\FRST.txt
2014-11-28 21:50 - 2014-11-28 21:52 - 00000000 ____D () C:\FRST
2014-11-28 21:46 - 2014-11-28 21:49 - 02117632 _____ (Farbar) C:\Users\Rybníček\Downloads\FRST64.exe
2014-11-28 11:16 - 2014-11-28 11:16 - 14108320 _____ (Microsoft Corporation) C:\Users\Rybníček\Downloads\mseinstall.exe
2014-11-28 10:34 - 2014-11-28 10:34 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-28 10:34 - 2014-11-28 10:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-28 10:33 - 2014-11-28 10:34 - 15196248 _____ () C:\Users\Rybníček\Downloads\RogueKiller.exe
2014-11-28 08:12 - 2014-11-28 21:39 - 00000168 _____ () C:\windows\setupact.log
2014-11-28 08:12 - 2014-11-28 08:12 - 00000000 _____ () C:\windows\setuperr.log
2014-11-28 08:11 - 2014-11-28 08:11 - 00000346 _____ () C:\windows\PFRO.log
2014-11-24 22:57 - 2014-11-27 11:02 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-24 22:57 - 2014-11-24 22:57 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\globalUpdate
2014-11-24 20:13 - 2014-11-24 21:08 - 974362212 _____ () C:\Users\Rybníček\Downloads\Vrazdy-podle-Predlohy-(1995)-drama,S.Weaver,CZ-dab,DTVMir,117'.avi
2014-11-24 20:04 - 2014-11-24 21:12 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\DivX
2014-11-24 20:01 - 2014-11-27 23:17 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-11-24 20:00 - 2014-11-27 23:17 - 00000000 ____D () C:\ProgramData\DivX
2014-11-24 20:00 - 2014-11-24 20:00 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\12812
2014-11-24 20:00 - 2014-11-24 20:00 - 00000000 ____D () C:\Program Files (x86)\Seznam.cz
2014-11-24 19:59 - 2014-11-28 08:18 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\Seznam.cz
2014-11-24 19:58 - 2014-11-24 19:59 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\moters
2014-11-24 19:58 - 2014-11-24 19:58 - 00418536 _____ () C:\Users\Rybníček\Downloads\DivX.Web.Player.Installer__8420_il21356.exe
2014-11-19 19:55 - 2014-11-19 19:55 - 01214292 _____ () C:\Users\Rybníček\Downloads\prezentace DOD_AEK_upravená1.pptx
2014-11-19 09:53 - 2014-11-19 09:53 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\{2C612C0A-8696-4CD4-B7A3-746A1281E393}
2014-11-19 08:29 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 08:29 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 08:29 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 08:29 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-15 18:56 - 2014-11-15 18:56 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\{AD15A77D-BFA6-4933-A0E8-2AFA9D90AFC0}
2014-11-12 08:33 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 08:33 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 08:33 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 08:33 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 08:33 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 08:33 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 08:33 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 08:33 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 08:33 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 08:33 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 08:33 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 08:33 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 08:33 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 08:33 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 08:32 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 08:32 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:32 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 08:32 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 08:32 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 08:32 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 08:32 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 08:32 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 08:32 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 08:32 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 08:31 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 08:31 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 08:31 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 08:31 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 08:31 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 08:30 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 08:30 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 08:30 - 2014-10-26 02:56 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 08:30 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 08:30 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 08:30 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 08:30 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 08:30 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 08:30 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 08:30 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 08:30 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-12 08:30 - 2014-10-26 00:22 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-11-12 08:30 - 2014-10-26 00:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 08:29 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 08:29 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-11 08:04 - 2014-11-11 08:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 07:24 - 2014-11-10 07:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-10 07:24 - 2014-11-10 07:24 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-01 21:23 - 2014-11-01 21:23 - 00006293 _____ () C:\Users\Rybníček\AppData\Local\recently-used.xbel
2014-11-01 08:28 - 2014-11-01 08:28 - 00032877 _____ () C:\Users\Rybníček\Downloads\kolekce.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 21:59 - 2014-07-07 19:50 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\Software Informer
2014-11-28 21:48 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 21:48 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 21:44 - 2011-12-18 21:50 - 01516965 _____ () C:\windows\WindowsUpdate.log
2014-11-28 21:44 - 2010-09-09 22:18 - 00669132 _____ () C:\windows\system32\perfh005.dat
2014-11-28 21:44 - 2010-09-09 22:18 - 00141760 _____ () C:\windows\system32\perfc005.dat
2014-11-28 21:44 - 2009-07-14 06:13 - 01584626 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-28 21:41 - 2011-02-01 10:21 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 21:39 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-28 12:21 - 2012-04-07 06:23 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 12:20 - 2011-02-01 10:21 - 00000952 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 12:08 - 2011-02-01 11:06 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\Skype
2014-11-28 11:30 - 2011-07-11 07:47 - 00000974 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002UA.job
2014-11-28 11:17 - 2011-02-04 13:25 - 00002198 _____ () C:\windows\epplauncher.mif
2014-11-28 08:13 - 2011-05-03 10:29 - 02058240 ___SH () C:\Users\Rybníček\Desktop\Thumbs.db
2014-11-27 12:16 - 2011-10-24 12:07 - 02302422 _____ () C:\Users\Rybníček\Desktop\PigeonPlannerBackup.zip
2014-11-27 11:21 - 2012-04-07 06:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 11:21 - 2012-04-07 06:23 - 00003852 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 11:21 - 2011-08-25 06:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 11:11 - 2011-02-13 19:07 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\pigeonplanner
2014-11-25 18:55 - 2014-08-08 07:06 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\CrashDumps
2014-11-25 18:55 - 2012-05-07 19:32 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-11-25 18:30 - 2011-07-11 07:47 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002Core.job
2014-11-25 09:15 - 2014-01-15 12:59 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\HpUpdate
2014-11-21 13:59 - 2011-02-07 18:40 - 00000000 ____D () C:\Users\Rybníček\Documents\Holubi
2014-11-20 17:47 - 2014-10-08 10:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-20 17:47 - 2010-09-19 16:47 - 00000000 ____D () C:\ProgramData\Skype
2014-11-15 18:53 - 2009-07-14 06:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-14 18:25 - 2011-07-11 07:47 - 00003950 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002UA
2014-11-14 18:25 - 2011-07-11 07:47 - 00003554 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002Core
2014-11-14 18:12 - 2012-01-17 22:10 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\PokerStars
2014-11-14 18:12 - 2012-01-17 22:10 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-11-14 10:53 - 2011-02-01 17:46 - 00000000 ____D () C:\windows\rescache
2014-11-13 09:15 - 2011-02-01 10:21 - 00003948 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 09:15 - 2011-02-01 10:21 - 00003696 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 08:58 - 2014-08-29 06:22 - 00000000 ____D () C:\Users\Rybníček\Desktop\Původní data aplikace Firefox
2014-11-13 08:52 - 2009-07-14 05:45 - 04971184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 08:48 - 2014-05-06 11:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 16:37 - 2011-02-04 11:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 16:29 - 2013-07-19 15:51 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 16:22 - 2011-02-04 09:33 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-12 09:31 - 2014-04-20 15:45 - 00000000 ____D () C:\Users\Rybníček\Desktop\LR
2014-11-12 08:05 - 2012-05-04 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 07:24 - 2011-06-20 10:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-10 07:24 - 2011-02-02 18:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-30 12:25 - 2011-02-04 13:31 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\děcka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rybníček\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 10:29

==================== End Of Log ============================
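The FRST sections above list every file and folder created or modified in the last month, with the company name FRST read from the file's version information in parentheses. An empty pair, as on TrueSight.sys, means the binary carries no such information, which deserves a look whenever the file sits under system32; the scanner's own driver (TrueSight.sys appeared the same minute as C:\ProgramData\RogueKiller) is the classic benign explanation, and a legitimate OEM driver with sloppy version info is another, so a hit is a prompt to verify the signature, as the Bamital check at the end of the log does, not a verdict. The following is an added example, not part of the original post and not FRST's own code, that parses such lines and applies three checks: no-company binaries in system directories, cross-checked against the creation time of known scanner folders; bare-number or GUID folder names under AppData\Local or Program Files; and names that the cleaners later removed in this thread. The sample lines are copied from the log above; the scanner-folder list and the PUP-name list are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List

# Constructed sample: lines copied from the "One Month Created Files and Folders"
# section above. Format: created - modified - size attrs (company) path
SAMPLE_FRST = r"""
2014-11-28 10:34 - 2014-11-28 10:34 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-28 10:34 - 2014-11-28 10:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-24 22:57 - 2014-11-27 11:02 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-24 20:00 - 2014-11-24 20:00 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\12812
2014-11-19 09:53 - 2014-11-19 09:53 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\{2C612C0A-8696-4CD4-B7A3-746A1281E393}
2014-11-19 08:29 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-12 08:31 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
"""

FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

BINARY_EXT = (".sys", ".exe", ".dll", ".cpl", ".ocx", ".scr")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$")
# Assumed for this example: folders a scanner is known to create (taken from the
# log above), so a no-company driver dropped in the same minute can be explained.
TOOL_FOLDERS = ("c:\\programdata\\roguekiller", "c:\\frst")
# Assumed for this example: names the cleaners later removed in this thread.
PUP_NAMES = ("globalupdate", "opencandy", "clickpotato")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Parse FRST created/modified-files lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                int(m["size"]), m["attrs"], m["company"], m["path"]))
    return entries


def triage(entries: List[Entry], window: timedelta = timedelta(minutes=2)) -> List[Entry]:
    """Return the entries that deserve a second look, with the reason(s) in .flags."""
    tool_times = [e.created for e in entries if e.path.lower() in TOOL_FOLDERS]
    for e in entries:
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        # 1. A binary in a system directory with no company name: Microsoft files
        #    always carry one, so verify the signature before trusting it.
        if (not e.is_dir and low.startswith(SYSTEM_DIRS)
                and low.endswith(BINARY_EXT) and not e.company):
            if any(abs(e.created - t) <= window for t in tool_times):
                e.flags.append("no-company-binary, created with a scanner (likely its driver)")
            else:
                e.flags.append("no-company-binary in system dir: verify signature")
        # 2. Folder named with a bare number or GUID under a user or program
        #    directory. PUP installers do this, but so do some legitimate updaters,
        #    so this is a prompt to inspect the contents, not a verdict.
        if e.is_dir and ("\\appdata\\local\\" in low or "\\program files" in low):
            if name.isdigit() or GUID_NAME.match(name):
                e.flags.append("random-named folder")
        # 3. Name matches something the cleaners removed in this thread.
        if any(p in name for p in PUP_NAMES):
            e.flags.append("known PUP name")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_frst(SAMPLE_FRST)):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.path}\n    " + "; ".join(e.flags))
```

Run on the sample, it explains TrueSight.sys by the RogueKiller folder created in the same minute, flags the globalUpdate folder by name and the two oddly named AppData\Local folders for inspection, and leaves the Microsoft-signed updates alone.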

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the iexplore.exe virus

#4 Post by vyosek »

→ Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Start it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • When the scan finishes (about 5 minutes), check that every finding (if there are any, of course) has its box ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself as well), mbar-log-year-month-day (hour-minute-second).txt; post it here
→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database is downloaded
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then the log appears; otherwise it is saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
→ Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
  • Paste the script below into the window

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;

  • Then click Run Script
  • The PC performs the repair, restarts and gives you a log; paste its contents here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member since 1 February 2011.

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Re: Problem with the iexplore.exe virus

#5 Post by judasmj »

The scan with Malwarebytes is still running; it is taking quite a while, but there is nothing to be done about it... just one question: once it finishes, should I also carry out the other actions you listed in the other two sections?

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Re: Problem with the iexplore.exe virus

#6 Post by judasmj »

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17148

Java version: 1.6.0_23

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2072264704, free: 255713280

Downloaded database version: v2014.11.28.08
Downloaded database version: v2014.11.22.01
Initializing...
======================
------------ Kernel report ------------
11/28/2014 22:11:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\btmusb.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\ole32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imm32.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\wininet.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shell32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002bd8430
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800266e050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002bd8430, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002bd9040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002bd8430, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002663950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800266e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DA9CE7A5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 614400
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 616448 Numsec = 588869632

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 589486080 Numsec = 31457280

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 620943360 Numsec = 4184064

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Infected: HKLM\SOFTWARE\WOW6432NODE\ClickPotatoLite --> [Adware.ClickPotato]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================
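The partition table dump in the MBAR log above is what you would hand-check for a disk-resident bootkit: the MBR signature, exactly one active partition, and whether the partitions tile the disk without overlaps or unexplained unallocated space, since such bootkits keep their body in sectors no partition claims. Below is an added example, not from the original post and not Malwarebytes' own code, that parses that section and computes these checks; the partition lines are copied from the log above. On this disk the four partitions are contiguous (each starts where the previous one ends) and the only free space is 15024 sectors, about 7 MiB, past the last partition, which is typical OEM slack rather than evidence of anything by itself. The 2048-sector threshold and the info/alert split are the example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the partition section copied from the MBAR log above.
SAMPLE_MBAR = """
MBR Signature: 55AA
Disk Signature: DA9CE7A5

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 614400

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 616448 Numsec = 588869632

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 589486080 Numsec = 31457280

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 620943360 Numsec = 4184064

Disk Size: 320072933376 bytes
Sector size: 512 bytes
"""

PART_HDR = re.compile(r"^Partition (\d+) type is (\w+) \((0x[0-9a-fA-F]+)\)")
PART_LBA = re.compile(r"^Partition starts at LBA: (\d+) Numsec = (\d+)")
DISK_SIZE = re.compile(r"^Disk Size: (\d+) bytes")
SECTOR_SIZE = re.compile(r"^Sector size: (\d+) bytes")
MBR_SIG = re.compile(r"^MBR Signature: ([0-9A-Fa-f]{4})")


@dataclass
class Partition:
    index: int
    kind: str
    type_id: int
    active: bool
    start: int   # first LBA
    numsec: int  # length in sectors

    @property
    def end(self) -> int:
        return self.start + self.numsec  # exclusive


def parse_mbar(text: str) -> Tuple[List[Partition], int, str]:
    """Return (partitions, total sectors on disk, MBR signature as printed)."""
    parts: List[Partition] = []
    disk_bytes = sector = None
    mbr_sig = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = PART_HDR.match(line)
        if m:
            parts.append(Partition(int(m[1]), m[2], int(m[3], 16), False, 0, 0))
            continue
        m = PART_LBA.match(line)
        if m and parts:
            parts[-1].start, parts[-1].numsec = int(m[1]), int(m[2])
            continue
        if line.startswith("Partition is ") and parts:
            parts[-1].active = line == "Partition is ACTIVE."
            continue
        m = DISK_SIZE.match(line)
        if m:
            disk_bytes = int(m[1])
            continue
        m = SECTOR_SIZE.match(line)
        if m:
            sector = int(m[1])
            continue
        m = MBR_SIG.match(line)
        if m:
            mbr_sig = m[1].upper()
    if disk_bytes is None or not sector:
        raise ValueError("disk or sector size missing from log")
    return parts, disk_bytes // sector, mbr_sig


def check_layout(parts, total_sectors, mbr_sig, slack=2048):
    """Sanity-check the table. 'alert' = structurally wrong; 'info' = sectors no
    partition owns, which is where a disk-resident bootkit would keep its body."""
    findings = []
    if mbr_sig != "55AA":
        findings.append(("alert", f"MBR signature is {mbr_sig or 'missing'}, expected 55AA"))
    active = [p.index for p in parts if p.active]
    if len(active) != 1:
        findings.append(("alert", f"{len(active)} active partitions, expected exactly 1"))
    prev = None
    for p in sorted(parts, key=lambda q: q.start):
        if prev is None:
            if p.start > slack:  # the first 2048 sectors are the normal alignment gap
                findings.append(("info", f"{p.start} sectors before partition {p.index}"))
        elif p.start < prev.end:
            findings.append(("alert", f"partition {p.index} overlaps partition {prev.index} "
                                      f"({p.start} < {prev.end})"))
        elif p.start - prev.end >= slack:
            findings.append(("info", f"{p.start - prev.end} unallocated sectors between "
                                     f"partition {prev.index} and {p.index}"))
        if p.end > total_sectors:
            findings.append(("alert", f"partition {p.index} ends past the disk "
                                      f"({p.end} > {total_sectors})"))
        prev = p
    if prev is not None and total_sectors - prev.end >= slack:
        findings.append(("info", f"{total_sectors - prev.end} unallocated sectors after "
                                 f"partition {prev.index} (end of disk)"))
    return findings


if __name__ == "__main__":
    parts, total, sig = parse_mbar(SAMPLE_MBAR)
    for p in parts:
        print(f"partition {p.index}: {p.kind} 0x{p.type_id:x} LBA {p.start}-{p.end - 1}"
              f"{' ACTIVE' if p.active else ''}")
    for severity, msg in check_layout(parts, total, sig):
        print(f"[{severity}] {msg}")
```

If the same check reports an overlap, more than one active partition or a bad signature, the table has been tampered with or is corrupt; a few MiB of slack at the end of the disk is expected on OEM images and only becomes interesting when it grows, or when it is paired with a modified MBR.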

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the iexplore.exe virus

#7 Post by vyosek »

Yes, do the other steps too, otherwise I would not have written them :)

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Re: Problem with the iexplore.exe virus

#8 Post by judasmj »

# AdwCleaner v4.102 - Report created 29/11/2014 at 07:53:05
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rybníček - HP
# Running from : C:\Users\Rybníček\Downloads\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\Rybníček\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Rybníček\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c8730ca5-3f82-41cc-65e2-01b87600cd89}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v33.1 (x86 cs)

[r0khhi41.default-1415865473570\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "149e60212cf2fedfd02a64a18975ecb0");

-\\ Google Chrome v

[C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
[C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=PTV2&o=15851&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=H3&apn_dtid=YYYYYYYYCZ&apn_uid=83A7CD3F-368B-4A1A-B10B-A3E3301BBDA4&apn_sauid=0818F495-DB65-4513-AFBC-814C1932240C
[C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=PTV2&o=15851&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=H3&apn_dtid=YYYYYYYYCZ&apn_uid=83A7CD3F-368B-4A1A-B10B-A3E3301BBDA4&apn_sauid=0818F495-DB65-4513-AFBC-814C1932240C
[C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.zusuh.cz/?page=websearch&srchtext={searchTerms}
[C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?q={searchTerms}&ln=en&src=95&barid=%7Bbaa07787-1a91-11e2-9e36-1cc1dea82f6c%7D&sf=0

*************************

AdwCleaner[R0].txt - [7445 octets] - [29/11/2014 07:39:38]
AdwCleaner[S0].txt - [6302 octets] - [29/11/2014 07:53:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6362 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the iexplore.exe virus

#9 Post by vyosek »

And now Zoek as well

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Re: Problem with the iexplore.exe virus

#10 Post by judasmj »

Zoek.exe v5.0.0.0 Updated 28-11-2014
Tool run by Rybníček on so 29.11.2014 at 8:02:33,33.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\RYBNEK~1\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.11.2014 8:19:30 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\DivX deleted successfully
C:\PROGRA~2\DsNET Corp deleted successfully
C:\PROGRA~2\ExpressDownloader deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\Program Files\Common Files\McAfee deleted successfully
C:\Users\RYBNEK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\PhotoFiltre deleted successfully
C:\Users\RYBNEK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Playlist Creator 3 deleted successfully
C:\PROGRA~3\Roxio deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\Users\Default\AppData\\LocalLow deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\DCKA~1\AppData\Local\PDFC deleted successfully
C:\Users\DCKA~1\AppData\Local\VirtualStore deleted successfully
C:\Users\RYBNEK~1\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F6A9017-CDCB-41D9-B45B-797472115CD6} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44A4EA87-C6F8-41A4-92C2-9D760D529B3} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C57CD12-7C2-4A4C-B971-AE7CD0293ABC} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CB4E554-4935-4B09-97E-65464C61F72} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562C7DB6-479B-4301-9582-20F3C7B5B5B} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56ABC6B0-BACD-4F83-AE92-A7C736EFF3D6} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{585822E4-3691-4AA8-93CD-E498BE113EDA} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DE654C-2D29-4FF3-9134-864254EC3E4D} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989DA397-C7D5-494F-9C6A-55662233CA} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A4C7670-D331-45BD-B246-7DFFB2591E39} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A367D83C-13D6-4018-8D5-2E69199398B} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1549617-A73D-4A0C-80B5-8AEA5560C514} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C749FADA-BF77-4D7F-8175-56164D39DF17} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E48014F9-225C-4E3B-9E46-6933C431D9AC} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F31725C9-DDAB-4C81-8741-C6C913229419} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F46CA817-91BE-4E2A-9261-AA18F77D4740} deleted successfully
HKEY_USERS\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F745BC54-1CFC-459B-9522-B037F0124681} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\DCKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\6qrghwej.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");

Added to C:\Users\DCKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\6qrghwej.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\RYBNEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/");

Added to C:\Users\RYBNEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\DCKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\6qrghwej.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_29.11.2014_0844_.backup

ProfilePath: C:\Users\RYBNEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570

user.js not found
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossrider.bic", "149e60212cf2fedfd02a64a18975ecb0");
---- FireFox user.js and prefs.js backups ----

prefs_29.11.2014_0844_.backup

==== Deleting Files \ Folders ======================

C:\Users\RYBNEK~1\AppData\Local\12812 deleted
C:\PROGRA~3\DivX deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\pref.js deleted
C:\prefs.js deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\RYBNEK~1\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [15.02.2014 18:03]

==== Firefox Extensions ======================

ProfilePath: C:\Users\RYBNEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570
- Undetermined - C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\extensions\sepherdwilbur@aol.com
- Undetermined - sepherdwilbur@aol.com
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[29.04.2011 20:17]

RealPlayer HTML5Video Downloader Extension - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
RealPlayer HTML5Video Downloader Extension - RYBNEK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

==== Chromium Startpages ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.seznam.cz/",


==== Chromium Fix ======================

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\RYBNEK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Default_Page_URL"="http://www.bing.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{09C6C372-9F8F-456E-8061-7253A0BA6369} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_16194"
{342294F9-CDBB-4AEF-A926-E83B4CBD46FE} Seznam Url="http://search.seznam.cz/?q={searchTerms ... arch_16194"
{3674A15D-2E74-4FE1-B0E8-6605A88885B9} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194"
{442AB0FD-D8B5-4C37-9F3B-A26E52A4DBB8} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... HP_csCZ417"
{815E58F7-985A-4CFD-954A-9F68CC6283F4} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_16194"
{B533207A-3DB8-4B27-80ED-72619561C706} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_16194"
{BDA4E7D3-18F9-41F5-BE45-9609B2A8B948} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"
{D78B7974-0771-4CDA-B2B1-7A410783E8AD} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_16194"
{E663DA7A-8F11-42C4-AB70-03C6AA94B6D8} WebHledani Url="http://www.webhledani.cz/results.aspx?i ... earchTerms}"
{E82D9284-47B4-4829-A611-A17CB452F8F9} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_16194"
{EFD90A5C-C40F-45D9-92AB-A3DAE671237A} Bing Url="http://www.bing.com/search?q={searchTer ... -SearchBox"

==== Reset Google Chrome ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\RYBNEK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\RYBNEK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\DCKA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DCKA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\DCKA~1\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DCKA~1\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DCKA~1\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RYBNEK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RYBNEK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR0XKNV8 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\DCKA~1\AppData\Local\Mozilla\Firefox\Profiles\5knnfh9y.default\Cache emptied successfully
C:\Users\DCKA~1\AppData\Local\Mozilla\Firefox\Profiles\6qrghwej.default\cache2 emptied successfully
C:\Users\RYBNEK~1\AppData\Local\Mozilla\Firefox\Profiles\4hkp1k4t.default\Cache emptied successfully
C:\Users\RYBNEK~1\AppData\Local\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\RYBNEK~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=25 folders=14 1072877 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\DCKA~1\AppData\Local\Temp emptied successfully
C:\Users\RYBNEK~1\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\RYBNEK~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\RYBNEK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR0XKNV8" not found

==== EOF on so 29.11.2014 at 8:56:39,44 ======================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the iexplore.exe virus

#11 Post by vyosek »

How is the PC behaving??

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Re: Problem with the iexplore.exe virus

#12 Post by judasmj »

It seems better. Thank you very much. If another problem turns up, I'll try to get back to you. Thank you.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the iexplore.exe virus

#13 Post by vyosek »

Fine, please post a new FRST log and we'll clean up the rest :)

judasmj
Visitor
Posts: 25
Registered: 28 Nov 2014 10:47

Re: Problem with the iexplore.exe virus

#14 Post by judasmj »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Rybníček (administrator) on HP on 29-11-2014 09:34:01
Running from C:\Users\Rybníček\Downloads
Loaded Profile: Rybníček (Available profiles: Rybníček & děcka & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2012-05-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-04-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-01] (Google Inc.)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Google Update] => "C:\Users\Rybníček\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1251328 2014-05-23] (Informer Technologies, Inc.)
HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
GroupPolicyUsers\S-1-5-21-3087643151-4065238412-3609415455-1005\User: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {09C6C372-9F8F-456E-8061-7253A0BA6369} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {342294F9-CDBB-4AEF-A926-E83B4CBD46FE} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {3674A15D-2E74-4FE1-B0E8-6605A88885B9} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {442AB0FD-D8B5-4C37-9F3B-A26E52A4DBB8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {815E58F7-985A-4CFD-954A-9F68CC6283F4} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {B533207A-3DB8-4B27-80ED-72619561C706} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {BDA4E7D3-18F9-41F5-BE45-9609B2A8B948} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {D78B7974-0771-4CDA-B2B1-7A410783E8AD} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {E663DA7A-8F11-42C4-AB70-03C6AA94B6D8} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> {E82D9284-47B4-4829-A611-A17CB452F8F9} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3087643151-4065238412-3609415455-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/a ... oader6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3087643151-4065238412-3609415455-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Rybníček\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3087643151-4065238412-3609415455-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Rybníček\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Seznam lištička - C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-29]
FF Extension: No Name - C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\extensions\sepherdwilbur@aol.com [Not Found]
FF Extension: No Name - sepherdwilbur@aol.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-29]
CHR Extension: (Dokumenty Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-29]
CHR Extension: (Disk Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-29]
CHR Extension: (YouTube) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Tabulky Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-29]
CHR Extension: (Peněženka Google) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Rybníček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2010-09-19] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2010-09-19] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-03] (Symantec Corporation)
S2 PCSpeedUpService; C:\Program Files\Zrychleni Pocitace\PCSpeedUpService.exe [37600 2011-05-17] (Speedchecker)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [135384 2014-11-28] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-04-27] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-28] ()
U2 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 09:00 - 2014-11-29 09:00 - 00019677 _____ () C:\Users\Rybníček\Desktop\zoek-results.txt
2014-11-29 08:53 - 2014-11-29 08:02 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-11-29 08:16 - 2014-11-29 08:56 - 00019677 _____ () C:\zoek-results.log
2014-11-29 08:02 - 2014-11-29 08:45 - 00000000 ____D () C:\zoek_backup
2014-11-29 08:02 - 2014-11-29 08:02 - 01294848 _____ () C:\Users\Rybníček\Downloads\zoek.exe
2014-11-29 08:01 - 2014-11-29 08:01 - 00006478 _____ () C:\Users\Rybníček\Desktop\AdwCleaner[S0].txt
2014-11-29 07:39 - 2014-11-29 07:53 - 00000000 ____D () C:\AdwCleaner
2014-11-29 07:38 - 2014-11-29 07:38 - 02148864 _____ () C:\Users\Rybníček\Downloads\adwcleaner_4.102.exe
2014-11-28 22:12 - 2014-11-28 23:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-28 22:12 - 2014-11-28 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-28 22:11 - 2014-11-28 22:11 - 00135384 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-28 22:10 - 2014-11-28 23:35 - 00000000 ____D () C:\Users\Rybníček\Desktop\mbar
2014-11-28 22:10 - 2014-11-28 22:10 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-28 22:09 - 2014-11-28 22:10 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Rybníček\Downloads\mbar-1.08.2.1001.exe
2014-11-28 22:06 - 2014-11-28 22:06 - 00045989 _____ () C:\Users\Rybníček\Desktop\FRST.txt
2014-11-28 22:06 - 2014-11-28 22:06 - 00035582 _____ () C:\Users\Rybníček\Desktop\Addition.txt
2014-11-28 22:00 - 2014-11-28 22:03 - 00035582 _____ () C:\Users\Rybníček\Downloads\Addition.txt
2014-11-28 21:52 - 2014-11-29 09:35 - 00021435 _____ () C:\Users\Rybníček\Downloads\FRST.txt
2014-11-28 21:50 - 2014-11-29 09:34 - 00000000 ____D () C:\FRST
2014-11-28 21:46 - 2014-11-28 21:49 - 02117632 _____ (Farbar) C:\Users\Rybníček\Downloads\FRST64.exe
2014-11-28 11:16 - 2014-11-28 11:16 - 14108320 _____ (Microsoft Corporation) C:\Users\Rybníček\Downloads\mseinstall.exe
2014-11-28 10:34 - 2014-11-28 10:34 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-28 10:34 - 2014-11-28 10:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-28 10:33 - 2014-11-28 10:34 - 15196248 _____ () C:\Users\Rybníček\Downloads\RogueKiller.exe
2014-11-28 08:12 - 2014-11-29 08:56 - 00000336 _____ () C:\windows\setupact.log
2014-11-28 08:12 - 2014-11-28 08:12 - 00000000 _____ () C:\windows\setuperr.log
2014-11-28 08:11 - 2014-11-29 08:55 - 00000994 _____ () C:\windows\PFRO.log
2014-11-24 20:13 - 2014-11-24 21:08 - 974362212 _____ () C:\Users\Rybníček\Downloads\Vrazdy-podle-Predlohy-(1995)-drama,S.Weaver,CZ-dab,DTVMir,117'.avi
2014-11-24 20:04 - 2014-11-24 21:12 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\DivX
2014-11-24 20:00 - 2014-11-24 20:00 - 00000000 ____D () C:\Program Files (x86)\Seznam.cz
2014-11-24 19:59 - 2014-11-28 08:18 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\Seznam.cz
2014-11-24 19:58 - 2014-11-24 19:59 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\moters
2014-11-24 19:58 - 2014-11-24 19:58 - 00418536 _____ () C:\Users\Rybníček\Downloads\DivX.Web.Player.Installer__8420_il21356.exe
2014-11-19 19:55 - 2014-11-19 19:55 - 01214292 _____ () C:\Users\Rybníček\Downloads\prezentace DOD_AEK_upravená1.pptx
2014-11-19 08:29 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 08:29 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 08:29 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 08:29 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-12 08:33 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 08:33 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 08:33 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 08:33 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 08:33 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 08:33 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 08:33 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 08:33 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 08:33 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 08:33 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 08:33 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 08:33 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 08:33 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 08:33 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 08:32 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 08:32 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 08:32 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:32 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 08:32 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 08:32 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 08:32 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 08:32 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 08:32 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 08:32 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 08:32 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 08:32 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 08:32 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 08:31 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 08:31 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 08:31 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 08:31 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 08:31 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 08:30 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 08:30 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 08:30 - 2014-10-26 02:56 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 08:30 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 08:30 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 08:30 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 08:30 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 08:30 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 08:30 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 08:30 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 08:30 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-12 08:30 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 08:30 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 08:30 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-12 08:30 - 2014-10-26 00:22 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-11-12 08:30 - 2014-10-26 00:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 08:29 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 08:29 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-11 08:04 - 2014-11-11 08:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 07:24 - 2014-11-10 07:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-10 07:24 - 2014-11-10 07:24 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-01 21:23 - 2014-11-01 21:23 - 00006293 _____ () C:\Users\Rybníček\AppData\Local\recently-used.xbel
2014-11-01 08:28 - 2014-11-01 08:28 - 00032877 _____ () C:\Users\Rybníček\Downloads\kolekce.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 09:36 - 2014-07-07 19:50 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\Software Informer
2014-11-29 09:30 - 2011-07-11 07:47 - 00000974 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002UA.job
2014-11-29 09:21 - 2012-04-07 06:23 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 09:20 - 2011-02-01 10:21 - 00000952 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 09:20 - 2011-02-01 10:21 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 09:04 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 09:04 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 09:03 - 2011-12-18 21:50 - 01569325 _____ () C:\windows\WindowsUpdate.log
2014-11-29 09:02 - 2010-09-09 22:18 - 00669132 _____ () C:\windows\system32\perfh005.dat
2014-11-29 09:02 - 2010-09-09 22:18 - 00141760 _____ () C:\windows\system32\perfc005.dat
2014-11-29 09:02 - 2009-07-14 06:13 - 01584626 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-29 08:56 - 2011-11-16 21:46 - 00000008 __RSH () C:\Users\Rybníček\ntuser.pol
2014-11-29 08:56 - 2011-02-01 09:53 - 00000000 ____D () C:\Users\Rybníček
2014-11-29 08:56 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-29 08:44 - 2009-07-14 04:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-11-28 22:41 - 2011-02-01 11:06 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\Skype
2014-11-28 11:17 - 2011-02-04 13:25 - 00002198 _____ () C:\windows\epplauncher.mif
2014-11-28 08:13 - 2011-05-03 10:29 - 02058240 ___SH () C:\Users\Rybníček\Desktop\Thumbs.db
2014-11-27 12:16 - 2011-10-24 12:07 - 02302422 _____ () C:\Users\Rybníček\Desktop\PigeonPlannerBackup.zip
2014-11-27 11:21 - 2012-04-07 06:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 11:21 - 2012-04-07 06:23 - 00003852 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 11:21 - 2011-08-25 06:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 11:11 - 2011-02-13 19:07 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\pigeonplanner
2014-11-25 18:55 - 2014-08-08 07:06 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\CrashDumps
2014-11-25 18:55 - 2012-05-07 19:32 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-11-25 18:30 - 2011-07-11 07:47 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002Core.job
2014-11-25 09:15 - 2014-01-15 12:59 - 00000000 ____D () C:\Users\Rybníček\AppData\Roaming\HpUpdate
2014-11-21 13:59 - 2011-02-07 18:40 - 00000000 ____D () C:\Users\Rybníček\Documents\Holubi
2014-11-20 17:47 - 2014-10-08 10:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-20 17:47 - 2010-09-19 16:47 - 00000000 ____D () C:\ProgramData\Skype
2014-11-15 18:53 - 2009-07-14 06:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-14 18:25 - 2011-07-11 07:47 - 00003950 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002UA
2014-11-14 18:25 - 2011-07-11 07:47 - 00003554 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3087643151-4065238412-3609415455-1002Core
2014-11-14 18:12 - 2012-01-17 22:10 - 00000000 ____D () C:\Users\Rybníček\AppData\Local\PokerStars
2014-11-14 18:12 - 2012-01-17 22:10 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-11-14 10:53 - 2011-02-01 17:46 - 00000000 ____D () C:\windows\rescache
2014-11-13 09:15 - 2011-02-01 10:21 - 00003948 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 09:15 - 2011-02-01 10:21 - 00003696 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 08:58 - 2014-08-29 06:22 - 00000000 ____D () C:\Users\Rybníček\Desktop\Původní data aplikace Firefox
2014-11-13 08:52 - 2009-07-14 05:45 - 04971184 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 08:48 - 2014-05-06 11:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 16:37 - 2011-02-04 11:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 16:29 - 2013-07-19 15:51 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 16:22 - 2011-02-04 09:33 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-12 09:31 - 2014-04-20 15:45 - 00000000 ____D () C:\Users\Rybníček\Desktop\LR
2014-11-12 08:05 - 2012-05-04 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 07:24 - 2011-06-20 10:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-10 07:24 - 2011-02-02 18:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-30 12:25 - 2011-02-04 13:31 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 10:29

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the iexplore.exe virus

#15 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2012-05-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-04-29] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-01] (Google Inc.)
    HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Google Update] => "C:\Users\Rybníček\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1251328 2014-05-23] (Informer Technologies, Inc.)
    HKU\S-1-5-21-3087643151-4065238412-3609415455-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
    GroupPolicyUsers\S-1-5-21-3087643151-4065238412-3609415455-1005\User: Group Policy on Chrome detected <======= ATTENTION
    
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    FF Extension: No Name - C:\Users\Rybníček\AppData\Roaming\Mozilla\Firefox\Profiles\r0khhi41.default-1415865473570\extensions\sepherdwilbur@aol.com [Not Found]
    FF Extension: No Name - sepherdwilbur@aol.com [Not Found]
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    
    S2 PCSpeedUpService; C:\Program Files\Zrychleni Pocitace\PCSpeedUpService.exe [37600 2011-05-17] (Speedchecker)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-28] ()
    
    C:\Program Files\Zrychleni Pocitace
    2014-11-29 09:00 - 2014-11-29 09:00 - 00019677 _____ () C:\Users\Rybníček\Desktop\zoek-results.txt
    2014-11-29 08:53 - 2014-11-29 08:02 - 00024064 _____ () C:\windows\zoek-delete.exe
    2014-11-29 08:16 - 2014-11-29 08:56 - 00019677 _____ () C:\zoek-results.log
    2014-11-29 08:02 - 2014-11-29 08:45 - 00000000 ____D () C:\zoek_backup
    2014-11-29 08:02 - 2014-11-29 08:02 - 01294848 _____ () C:\Users\Rybníček\Downloads\zoek.exe
    2014-11-29 08:01 - 2014-11-29 08:01 - 00006478 _____ () C:\Users\Rybníček\Desktop\AdwCleaner[S0].txt
    2014-11-29 07:39 - 2014-11-29 07:53 - 00000000 ____D () C:\AdwCleaner
    2014-11-29 07:38 - 2014-11-29 07:38 - 02148864 _____ () C:\Users\Rybníček\Downloads\adwcleaner_4.102.exe
    2014-11-28 22:12 - 2014-11-28 23:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-28 22:12 - 2014-11-28 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-28 22:11 - 2014-11-28 22:11 - 00135384 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-28 22:10 - 2014-11-28 23:35 - 00000000 ____D () C:\Users\Rybníček\Desktop\mbar
    2014-11-28 22:10 - 2014-11-28 22:10 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-11-28 22:09 - 2014-11-28 22:10 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Rybníček\Downloads\mbar-1.08.2.1001.exe
    2014-11-28 22:06 - 2014-11-28 22:06 - 00045989 _____ () C:\Users\Rybníček\Desktop\FRST.txt
    2014-11-28 22:06 - 2014-11-28 22:06 - 00035582 _____ () C:\Users\Rybníček\Desktop\Addition.txt
    2014-11-28 22:00 - 2014-11-28 22:03 - 00035582 _____ () C:\Users\Rybníček\Downloads\Addition.txt
    2014-11-28 21:52 - 2014-11-29 09:35 - 00021435 _____ () C:\Users\Rybníček\Downloads\FRST.txt
    2014-11-28 10:34 - 2014-11-28 10:34 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-11-28 10:34 - 2014-11-28 10:34 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-28 10:33 - 2014-11-28 10:34 - 15196248 _____ () C:\Users\Rybníček\Downloads\RogueKiller.exe
    2014-11-28 08:12 - 2014-11-29 08:56 - 00000336 _____ () C:\windows\setupact.log
    2014-11-28 08:12 - 2014-11-28 08:12 - 00000000 _____ () C:\windows\setuperr.log
    2014-11-28 08:11 - 2014-11-29 08:55 - 00000994 _____ () C:\windows\PFRO.log
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The repair will run and create a Fixlog.txt log
:arrow: Restart the PC and post fixlog.txt here
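As an added example (not part of this thread and not FRST's own code), a small Python parser for the "date - date - size attrs (publisher) path" file entries shown in the log above. It lists executables that carry no publisher string, which is an assumed triage heuristic for picking review candidates, not FRST's logic and not a verdict on its own.

```python
import re
from dataclasses import dataclass
from typing import List

# One FRST "files modified" line: created - modified - size attrs (publisher) path
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<vendor>[^)]*)\) (?P<path>.+)$"
)
EXECUTABLE_EXT = (".exe", ".sys", ".dll", ".cpl")

@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str   # five flag characters: "____D" directory, "__RSH" read-only/system/hidden, ...
    vendor: str  # publisher FRST prints in parentheses; empty when the file has no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

def parse_frst_lines(lines: List[str]) -> List[FrstEntry]:
    """Parse the file entries of an FRST log; section headers and blank lines are skipped."""
    entries = []
    for line in lines:
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append(FrstEntry(m["created"], m["modified"], int(m["size"]),
                                     m["attrs"], m["vendor"].strip(), m["path"]))
    return entries

def unbranded_executables(entries: List[FrstEntry]) -> List[str]:
    """Executables with no publisher string (assumed heuristic): review candidates only."""
    return [e.path for e in entries
            if not e.is_dir and e.path.lower().endswith(EXECUTABLE_EXT) and not e.vendor]

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = """\
==================== One Month Modified Files and Folders =======
2014-11-29 08:53 - 2014-11-29 08:02 - 00024064 _____ () C:\\windows\\zoek-delete.exe
2014-11-29 08:02 - 2014-11-29 08:45 - 00000000 ____D () C:\\zoek_backup
2014-11-28 22:11 - 2014-11-28 22:11 - 00135384 _____ (Malwarebytes Corporation) C:\\windows\\system32\\Drivers\\MBAMSwissArmy.sys
2014-11-28 10:34 - 2014-11-28 10:34 - 00034808 _____ () C:\\windows\\system32\\Drivers\\TrueSight.sys
""".splitlines()
```

Running `unbranded_executables(parse_frst_lines(SAMPLE_LOG))` on the sample returns the zoek and TrueSight files, which are the two unbranded tool leftovers; the Malwarebytes driver is skipped because it carries a publisher.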
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Locked