Police virus blocked the browser

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Police virus blocked the browser

#1 Post by rakato11 »

I am attaching the log from RSIT.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Otakar Vavrečka at 2015-05-04 08:58:06
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 76 GB (48%) free of 158 GB
Total RAM: 3066 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:51, on 4.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\Mamemail\Mamemail Postak\Postak.exe
C:\Users\Otakar Vavrečka\Desktop\Gmail Notifier Plus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Otakar Vavrečka\Desktop\RSIT.exe
C:\Program Files\trend micro\Otakar Vavrečka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\Windows\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\Windows\system32\MSTMON_Y.EXE STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Viber] "C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [MP3 Skype Recorder] C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\OTAKAR~1\AppData\Local\Temp\E_S6B3B.tmp" /EF "HKCU"
O4 - Startup: Mámemail Pošťák.lnk = C:\Program Files\Mamemail\Mamemail Postak\Postak.exe
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR-Sound_Organizer - Sony Corporation - C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6800 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe#
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf6a811f49157b.job - C:\Program Files\Google\Update\GoogleUpdate.exe# /c#
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8b84abba174e.job - C:\Program Files\Google\Update\GoogleUpdate.exe# /ua /installsource scheduler#

=========Mozilla firefox=========

ProfilePath - C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default

prefs.js - "browser.search.useDBForOrder" - ""
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/MycameraPlugin]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\extensions\
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hppwrsav"=C:\SCANJET\PrecisionScanLT\hppwrsav.exe [1999-06-07 23552]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"KONICA MINOLTA PagePro 1300WStatusDisplay"=C:\Windows\system32\MSTMON_N.EXE [2004-11-25 151552]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"KONICA MINOLTA PagePro 1400W STD"=C:\Windows\system32\MSTMON_Y.EXE [2006-03-01 184320]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-01-28 5088456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Viber"=C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe [2014-09-02 936656]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-10-29 4826904]
"MP3 Skype Recorder"=C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2014-08-08 1544704]
"Seznam Postak"=C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"EPSON Stylus SX200 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ImageBrowser EX Agent.lnk - C:\Program Files\Canon\ImageBrowser EX\MFManager.exe

C:\Users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Mámemail Pošťák.lnk - C:\Program Files\Mamemail\Mamemail Postak\Postak.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-04-28 06:22:28 ----D---- C:\Program Files\Mamemail
2015-04-23 05:29:46 ----D---- C:\Program Files\Mozilla Firefox
2015-04-15 12:19:06 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 12:19:06 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 12:19:01 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 12:19:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 12:19:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-04-15 12:18:59 ----A---- C:\Windows\system32\wdigest.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\sspicli.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\srcore.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\srclient.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\smss.exe
2015-04-15 12:18:59 ----A---- C:\Windows\system32\schannel.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\secur32.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\rstrui.exe
2015-04-15 12:18:59 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\msaudite.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\lsass.exe
2015-04-15 12:18:59 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\kerberos.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-15 12:18:59 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-15 12:18:59 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\credssp.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\auditpol.exe
2015-04-15 12:18:59 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-15 12:18:59 ----A---- C:\Windows\system32\adtschema.dll
2015-04-15 12:18:58 ----A---- C:\Windows\system32\msobjs.dll
2015-04-15 12:18:49 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 12:18:48 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 12:18:48 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-15 12:18:48 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-15 12:18:47 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 12:18:47 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 12:18:47 ----A---- C:\Windows\system32\iernonce.dll
2015-04-15 12:18:47 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-15 12:18:47 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 12:18:46 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 12:18:46 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 12:18:46 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-15 12:18:46 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 12:18:46 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 12:18:46 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 12:18:45 ----A---- C:\Windows\system32\msrating.dll
2015-04-15 12:18:44 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 12:18:44 ----A---- C:\Windows\system32\iesetup.dll
2015-04-15 12:18:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 12:18:42 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 12:18:42 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 12:18:41 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 12:18:39 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 12:18:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-15 12:18:38 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-15 12:18:37 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 12:18:36 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 12:18:34 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 12:18:34 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wups.dll
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 12:16:20 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 12:16:19 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 12:16:19 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 12:16:06 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 12:16:04 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 12:16:04 ----A---- C:\Windows\system32\msxml3.dll
2015-04-10 07:35:23 ----D---- C:\ProgramData\ESET

======List of files/folders modified in the last 1 month======

2015-05-04 08:58:09 ----D---- C:\Program Files\trend micro
2015-05-04 08:58:08 ----D---- C:\Windows\temp
2015-05-04 07:58:55 ----RD---- C:\Program Files
2015-05-04 07:58:20 ----SHD---- C:\System Volume Information
2015-05-04 07:50:08 ----D---- C:\Windows\system32\config
2015-05-04 07:41:07 ----AD---- C:\Windows\System32
2015-05-04 07:41:06 ----D---- C:\Windows\inf
2015-05-04 07:41:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-05-04 07:38:28 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\ViberPC
2015-05-04 07:37:14 ----A---- C:\Windows\VTWAIN.INI
2015-05-03 11:38:56 ----D---- C:\Windows\rescache
2015-05-02 20:04:10 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\Skype
2015-04-29 14:31:28 ----D---- C:\Windows\system32\NDF
2015-04-29 14:10:24 ----SHD---- C:\Windows\Installer
2015-04-29 14:09:53 ----D---- C:\ProgramData\Skype
2015-04-25 20:46:35 ----RD---- C:\Users
2015-04-25 20:24:37 ----SHD---- C:\$RECYCLE.BIN
2015-04-23 08:00:03 ----D---- C:\Windows
2015-04-23 07:59:55 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-04-23 06:30:57 ----D---- C:\Windows\Panther
2015-04-23 06:30:57 ----D---- C:\Windows\debug
2015-04-23 06:26:25 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\uTorrent
2015-04-22 11:51:10 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\vlc
2015-04-22 09:12:45 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla
2015-04-20 08:10:13 ----D---- C:\Program Files\EAGLE-6.4.0
2015-04-17 12:22:39 ----D---- C:\Windows\Microsoft.NET
2015-04-17 12:21:55 ----RSD---- C:\Windows\assembly
2015-04-15 21:32:20 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 13:46:35 ----D---- C:\Windows\winsxs
2015-04-15 13:44:16 ----D---- C:\Windows\system32\en-US
2015-04-15 13:44:16 ----D---- C:\Windows\system32\drivers
2015-04-15 13:44:16 ----D---- C:\Windows\system32\cs-CZ
2015-04-15 13:44:15 ----D---- C:\Windows\PolicyDefinitions
2015-04-15 13:44:15 ----D---- C:\Program Files\Internet Explorer
2015-04-15 13:42:34 ----D---- C:\Windows\system32\MRT
2015-04-15 13:35:07 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 12:12:17 ----D---- C:\Windows\system32\catroot2
2015-04-10 07:35:56 ----D---- C:\Windows\system32\DriverStore
2015-04-10 07:35:23 ----D---- C:\ProgramData
2015-04-06 10:29:27 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-03-10 51824]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2013-06-03 46096]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 21576]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-03-10 193464]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-03-10 135808]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-03-10 37928]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-03-10 176448]
R3 5U876UVC;HP Webcam [2 MP series]; C:\Windows\system32\DRIVERS\5U876.sys [2009-11-13 114688]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2013-09-26 4268608]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 MLPTDR_N;MLPTDR_N; \??\C:\Windows\system32\MLPTDR_N.SYS [2003-07-18 18848]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 catchme;catchme; \??\C:\Users\OTAKAR~1\AppData\Local\Temp\catchme.sys []
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2013-10-10 13464]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-23 148080]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer; C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2012-11-08 174176]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-23 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
You can be dumb, but you have to know how to cope...
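
Added example (not code from the original post, from RSIT or from HijackThis): a small Python triage script for a HijackThis-style log like the one above. It parses the O4 autoruns, O23 services, the running-process list and the Policies\System registry block, then flags entries launched from user-writable folders and the three UAC values the posted log shows set to 0. The excerpt in SAMPLE_LOG is copied from this post's log; the folder-marker list and the "verify first" heuristic are this example's own assumptions, and a hit means "check this entry", not "this is malware".

```python
"""Triage helper for a HijackThis / RSIT log (added example, not part of RSIT or the post).

Picks out what a forum helper looks at first: programs started from user-writable
folders and the UAC values under Policies/System. A hit means "verify", not "malware":
Viber, per-user installers and the RSIT tool itself legitimately run from AppData/Desktop.
"""
import re

# Excerpt copied from the log posted above (constructed sample input).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe
C:\Users\Otakar Vavrečka\Desktop\Gmail Notifier Plus.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Viber] "C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [MP3 Skype Recorder] C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\OTAKAR~1\AppData\Local\Temp\E_S6B3B.tmp" /EF "HKCU"
O4 - Startup: Mámemail Pošťák.lnk = C:\Program Files\Mamemail\Mamemail Postak\Postak.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"shutdownwithoutlogon"=1
"""

# First executable on a command line, quoted or not, cut at its extension.
# Arguments are not inspected (the EPSON entry's /FU temp file is ignored).
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js))(?=["\s]|$)', re.I)
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+)$")
O4_RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")   # [Name] command
O4_LNK_RE = re.compile(r"^(?P<name>.+?) = (?P<cmd>.+)$")         # Name.lnk = target
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
REG_VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<value>.*)$')
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")                          # any bare path line
# Folder markers a standard user can write to (assumed list); autoruns there deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\desktop\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")


def exe_path(cmd):
    """Return just the executable part of a Run/Service command line."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def parse_log(text):
    """Split the log into autoruns (O4/O23), running processes and the Policies/System values."""
    autoruns, processes, policy = [], [], {}
    in_policy = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_policy = False
            continue
        if line.startswith("["):                      # registry section header
            in_policy = line.lower().endswith("\\policies\\system]")
            continue
        if in_policy:
            m = REG_VALUE_RE.match(line)
            if m:
                policy[m.group("key")] = m.group("value")
            continue
        if PROCESS_RE.match(line):                   # bare path = running process
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            mm = O4_RUN_RE.match(m.group("rest")) or O4_LNK_RE.match(m.group("rest"))
            if mm:
                autoruns.append({"type": "O4", "where": m.group("loc"), "name": mm.group("name"),
                                 "path": exe_path(mm.group("cmd"))})
            continue
        m = O23_RE.match(line)
        if m:
            autoruns.append({"type": "O23", "where": "service", "name": m.group("name"),
                             "vendor": m.group("vendor"), "path": exe_path(m.group("cmd"))})
    return {"autoruns": autoruns, "processes": processes, "policy": policy}


def uac_findings(policy):
    """Explain the weak UAC values; the posted log has all three set to 0."""
    checks = {"EnableLUA": "UAC is switched off entirely",
              "ConsentPromptBehaviorAdmin": "administrators elevate silently, with no consent prompt",
              "PromptOnSecureDesktop": "elevation prompts appear on the normal desktop, "
                                       "where other programs can interact with them"}
    return [f"{k}=0: {why}" for k, why in checks.items() if policy.get(k) == "0"]


def triage(text):
    """What a helper should verify first: user-writable autoruns/processes and weak UAC."""
    parsed = parse_log(text)
    return {"autoruns": [a for a in parsed["autoruns"] if is_user_writable(a["path"])],
            "processes": [p for p in parsed["processes"] if is_user_writable(p)],
            "uac": uac_findings(parsed["policy"])}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, "->", items)
```

On the excerpt this flags the two AppData autoruns (Viber, MP3 Skype Recorder), the Viber and Desktop processes, and all three UAC values; the EPSON entry stays unflagged because only its executable path (system32) is tested.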

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus blocked the browser

#2 Post by altrok »

I wish you a beautiful day :bye:

:arrow: Is your browser currently still blocked?

:arrow: As part of the cleaning, your temporary folders (including the Recycle Bin) will be emptied.

:arrow: Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just run it with an ordinary double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (otherwise you will find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#3 Post by rakato11 »

Well, I managed to get the browser working again by clicking around here and there.
Here is the AdwCleaner log; I hope I did everything correctly.

# AdwCleaner v4.203 - Log vytvořen 04/05/2015 v 10:04:45
# Aktualizováno 30/04/2015 by Xplode
# Databáze : 2015-05-02.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x86)
# Uživatelské jméno : Otakar Vavrečka - PC-OTAKAR
# Spuštěno z : C:\Users\Otakar Vavrečka\Desktop\adwcleaner_4.203.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\ytd video downloader
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Složka Smazáno : C:\Program Files\oTweak
Složka Smazáno : C:\Users\Otakar Vavrečka\AppData\Local\FileViewPro
Složka Smazáno : C:\Users\Otakar Vavrečka\AppData\Local\DriverToolkit
Složka Smazáno : C:\Users\Otakar Vavrečka\AppData\Roaming\Ignite
Složka Smazáno : C:\Users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software
Složka Smazáno : C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Soubor Smazáno : C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage
Soubor Smazáno : C:\Windows\system32\drivers\sp_rsdrv2.sys

***** [ Naplánované úlohy ] *****

Úloha Smazáno : Start Registry Reviver
Úloha Smazáno : ParetoLogic Update Version3 Startup Task

***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v37.0.2 (x86 cs)


-\\ Google Chrome v39.0.2171.99

[C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&b ... 6&tsp=4920
[C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121125&babsrc=SP_ss&mntrId=c8b9cbef000000000000c417fe29afa8
[C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&b ... 6&tsp=4920
[C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Default_Search_Provider_Data] : hxxp://www.delta-search.com/?q={searchTerms}&b ... 6&tsp=4920

*************************

AdwCleaner[R2].txt - [1208 bytů] - [02/11/2014 12:02:14]
AdwCleaner[R3].txt - [2878 bytů] - [04/05/2015 10:02:48]
AdwCleaner[S2].txt - [1270 bytů] - [02/11/2014 12:08:21]
AdwCleaner[S3].txt - [2787 bytů] - [04/05/2015 10:04:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2845 bytů] ##########

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus blocked the browser

#4 Post by altrok »

:arrow: While visiting which website did the lock occur?

:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=137928
  • Note: this scan takes from 30 minutes to several hours

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#5 Post by rakato11 »

The lock happened when I was looking for inspiration on a porn site :( .

I ran a custom scan with MBAM, but I'm not sure I got the right log. During the scan a detected threat popped up twice, but through the antivirus I have installed (ESET Smart Security 8); I put those into quarantine. One threat showed up in the MBAM history.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4.5.2015
Čas skenování: 19:17:54
Protokol: Záznam.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.04.05
Databáze rootkitů: v2015.04.21.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Otakar Vavrečka

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 679622
Uplynulý čas: 2 hod, 50 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#6 Post by rakato11 »

I also found this:
Attachments
Výstřižek 1.PNG

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#7 Post by rakato11 »

And also this:
Attachments
Výstřižek 2.PNG

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus blocked the browser

#8 Post by altrok »

We're all human, so no need to be ashamed :) For activities like that I recommend using tools such as Sandboxie, VirtualBox and the like.

In what location did ESET report the detections?

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#9 Post by rakato11 »

As they say, "the morning is wiser than the evening", so I think I have worked my way to the log you are asking for :) ; I found it here in this folder: C:\ProgramData\Malwarebytes\Malware-bytes Anti-Malware\Logs\mbam-log-2015-05-04(18-55-28).xml
Here it is

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2015-05-04T11:11:00.509754+02:00" source="Manual" type="Update" username="SYSTEM" systemname="PC-OTAKAR" fromVersion="2015.2.25.1" last_modified_tag="34fb7b6f-1aed-486b-a826-cac6f173b3af" name="Rootkit Database" toVersion="2015.4.21.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-05-04T11:11:00.537756+02:00" source="Manual" type="Update" username="SYSTEM" systemname="PC-OTAKAR" fromVersion="2015.3.9.1" last_modified_tag="0463bb7a-6427-467a-b506-66e457483fe5" name="Remediation Database" toVersion="2015.4.22.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-05-04T11:11:24.091103+02:00" source="Manual" type="Update" username="SYSTEM" systemname="PC-OTAKAR" fromVersion="2015.3.9.5" last_modified_tag="5d112160-4452-4ac9-86fa-be3dc7033712" name="Malware Database" toVersion="2015.5.4.2"></record>
<record severity="debug" LoggingEventType="4" datetime="2015-05-04T14:05:00.053074+02:00" source="Protection" type="Error" username="SYSTEM" systemname="PC-OTAKAR" code="13" last_modified_tag="f3d59ea7-f7d8-448d-a006-58c6bdaf0129" message="IsLicensed"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-05-04T14:05:00.084274+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="22b6cb1b-52bb-4e38-8ae9-cfc6db837b71" result="Stopping" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-05-04T14:05:00.084274+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="62d74bfa-2c88-4e97-8b68-fb9fd51e87f0" result="Stopped" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="4" datetime="2015-05-04T18:48:02.241882+02:00" source="Protection" type="Error" username="SYSTEM" systemname="PC-OTAKAR" code="13" last_modified_tag="3d381bf5-c28f-4375-97ee-b9cc0ed71c29" message="IsLicensed"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-05-04T18:48:02.257482+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="b43cc2bc-1838-4eac-b0a8-f36ec1297589" result="Stopping" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-05-04T18:48:02.257482+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="42eb2094-ed8d-4817-a9a2-60b30049a9b5" result="Stopped" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-05-04T18:55:54.146105+02:00" source="Manual" type="Update" username="SYSTEM" systemname="PC-OTAKAR" fromVersion="2015.5.4.2" last_modified_tag="572d7e83-abc3-47c1-95ff-152f241c0118" name="Malware Database" toVersion="2015.5.4.4"></record>
<record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-05-04T18:55:54+02:00" datetime="2015-05-04T19:15:36.420727+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="7f4bcc94-81f0-4341-b234-67236e0583c3" duration="1155" malwaredetections="0" nonmalwaredetections="1" scanresult="completed"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-05-04T19:17:53.779583+02:00" source="Manual" type="Update" username="SYSTEM" systemname="PC-OTAKAR" fromVersion="2015.5.4.4" last_modified_tag="7c648a4c-2121-4d34-90bc-6025538f270a" name="Malware Database" toVersion="2015.5.4.5"></record>
<record severity="debug" scantype="custom" LoggingEventType="6" starttime="2015-05-04T19:17:54+02:00" datetime="2015-05-04T22:08:33.571266+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="d869b070-c1c3-4b44-a6b7-22cdb709549e" duration="10238" malwaredetections="0" nonmalwaredetections="0" scanresult="completed"></record>
</logs>


With today's date, this also appeared there:


<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="4" datetime="2015-05-05T05:41:41.579888+02:00" source="Protection" type="Error" username="SYSTEM" systemname="PC-OTAKAR" code="13" last_modified_tag="59a303dc-4366-4abe-96e9-4e0b8349b244" message="IsLicensed"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-05-05T05:41:41.579888+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="575d5cae-f815-4d2f-8c3d-be8dd30f61f7" result="Stopping" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2015-05-05T05:41:41.595488+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="PC-OTAKAR" last_modified_tag="f8ddb414-05f6-47d2-a10e-6d2605b37ad8" result="Stopped" subtype="Malware Protection"></record>
</logs>


I also found this:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/05/04 18:55:54 +0200</date>
<logfile>mbam-log-2015-05-04 (18-55-28).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.05.04.04</malware-database>
<rootkit-database>v2015.04.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>Otakar Vavrečka</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>368046</objects>
<time>1155</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>1</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<folder><path>C:\Users\Otakar Vavrečka\AppData\Roaming\Sweetpacks</path><vendor>PUP.Optional.SweetPacks.A</vendor><action>success</action><hash>2f75d3bc6e1c2b0b0b76734555ae22de</hash></folder>
</items>
</mbam-log>

and also


<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/05/04 19:17:54 +0200</date>
<logfile>mbam-log-2015-05-04 (19-16-31).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.05.04.05</malware-database>
<rootkit-database>v2015.04.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>Otakar Vavrečka</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>679622</objects>
<time>10238</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus blocked the browser

#10 Post by altrok »

:arrow: In what location did ESET report the detections?

:arrow: Post the FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#11 Post by rakato11 »

Here is a capture of the ESET quarantine, where ESET reported the detections:
Attachments
ESET-Karanténa.PNG

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#12 Post by rakato11 »

FRST.txt log + Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-05-2015
Ran by Otakar Vavrečka (administrator) on PC-OTAKAR on 06-05-2015 08:26:21
Running from C:\Users\Otakar Vavrečka\Desktop
Loaded Profiles: Otakar Vavrečka (Available profiles: Otakar Vavrečka & Guest)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\SCANJET\PrecisionScanLT\hppwrsav.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
() C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(TB development & investment, s.r.o.) C:\Program Files\Mamemail\Mamemail Postak\Postak.exe
(Baptiste Girod) C:\Users\Otakar Vavrečka\Desktop\Gmail Notifier Plus.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe
(forum.viry.cz) C:\Users\Otakar Vavrečka\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hppwrsav] => C:\SCANJET\PrecisionScanLT\hppwrsav.exe [23552 1999-06-07] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] => C:\Windows\system32\MSTMON_N.EXE [151552 2004-11-25] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [KONICA MINOLTA PagePro 1400W STD] => C:\Windows\system32\MSTMON_Y.EXE [184320 2006-03-01] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\...\Run: [Viber] => C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\...\Run: [MP3 Skype Recorder] => C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [1544704 2014-08-08] ()
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\...\Run: [Seznam Postak] => C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\...\Run: [EPSON Stylus SX200 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [188928 2007-12-13] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-14]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mámemail Pošťák.lnk [2015-04-28]
ShortcutTarget: Mámemail Pošťák.lnk -> C:\Program Files\Mamemail\Mamemail Postak\Postak.exe (TB development & investment, s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2014-12-22] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2014-12-22] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2014-12-22] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2014-12-22] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2014-12-22] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2014-12-22] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-505298747-3480647553-2469496864-1000 -> {AA1A8F4B-E651-4E8B-B7F0-B1F0544A65BF} URL = http://tv.seznam.cz/hledej?w={searchTer ... kSearch_12
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-505298747-3480647553-2469496864-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-505298747-3480647553-2469496864-1000: @talk.google.com/O1DPlugin -> C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-505298747-3480647553-2469496864-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-505298747-3480647553-2469496864-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Otakar Vavrečka\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Otakar Vavrečka\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Widevine Media Optimizer - C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-09-03]
FF Extension: Video DownloadHelper - C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Otakar Vavreka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Otakar Vavreka\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Profile: C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-21]
CHR Extension: (Google Drive) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-21]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2013-02-21]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2013-02-21]
CHR Extension: (YouTube) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
CHR Extension: (Google Search) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
CHR Extension: (Avast Online Security) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-28]
CHR Extension: (IMPI) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap [2013-03-07]
CHR Extension: (Google Wallet) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2013-02-21]
CHR Extension: (Gmail) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U876UVC; C:\Windows\System32\DRIVERS\5U876.sys [114688 2009-11-13] (Ricoh co.,Ltd.)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-03-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [176448 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37928 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [51824 2015-03-10] (ESET)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S2 MLPTDR_N; C:\Windows\system32\MLPTDR_N.SYS [18848 2003-07-18] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2013-06-03] (Corel Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-10-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\OTAKAR~1\AppData\Local\Temp\catchme.sys [X]
S3 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:26 - 2015-05-06 08:27 - 00019021 _____ () C:\Users\Otakar Vavrečka\Desktop\FRST.txt
2015-05-06 08:26 - 2015-05-06 08:26 - 00000000 ____D () C:\FRST
2015-05-06 08:24 - 2015-05-06 08:24 - 00112640 _____ (forum.viry.cz) C:\Users\Otakar Vavrečka\Desktop\FRSTLauncher.exe
2015-05-06 08:23 - 2015-05-06 08:23 - 01140736 _____ (Farbar) C:\Users\Otakar Vavrečka\Desktop\FRST.exe
2015-05-04 22:13 - 2015-05-04 22:13 - 00001173 _____ () C:\Users\Otakar Vavrečka\Desktop\Záznam.txt
2015-05-04 14:04 - 2015-05-04 14:04 - 00000356 _____ () C:\Windows\PFRO.log
2015-05-04 11:10 - 2015-05-05 06:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 11:10 - 2015-05-04 11:10 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-04 11:10 - 2015-05-04 11:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-04 11:10 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-04 11:10 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-04 11:10 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-04 11:07 - 2015-05-04 11:08 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Otakar Vavrečka\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-04 10:01 - 2015-05-04 10:01 - 02204160 _____ () C:\Users\Otakar Vavrečka\Desktop\adwcleaner_4.203.exe
2015-05-04 08:57 - 2015-05-04 08:57 - 01107968 _____ () C:\Users\Otakar Vavrečka\Desktop\RSIT.exe
2015-05-03 16:13 - 2015-05-03 18:02 - 00000000 ____D () C:\Users\Otakar Vavrečka\Desktop\Náš dům
2015-04-28 08:01 - 2015-04-28 08:09 - 00000000 ____D () C:\Users\Otakar Vavrečka\Desktop\Štěpení ovocných stromů
2015-04-28 06:23 - 2015-04-28 06:23 - 00000000 ____D () C:\Users\Otakar Vavrečka\AppData\Local\TB_development_&_investme
2015-04-28 06:22 - 2015-05-03 20:41 - 00001133 _____ () C:\Users\Public\Desktop\Mámemail Pošťák.lnk
2015-04-28 06:22 - 2015-05-03 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mámemail Pošťák
2015-04-28 06:22 - 2015-05-03 20:41 - 00000000 ____D () C:\Program Files\Mamemail
2015-04-23 08:00 - 2015-05-06 07:53 - 00003310 _____ () C:\Windows\setupact.log
2015-04-23 08:00 - 2015-04-23 08:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-23 06:32 - 2015-04-23 06:32 - 00018896 _____ () C:\Users\Otakar Vavrečka\Documents\cc_20150423_063210.reg
2015-04-23 06:32 - 2015-04-23 06:32 - 00001334 _____ () C:\Users\Otakar Vavrečka\Documents\cc_20150423_063237.reg
2015-04-23 05:29 - 2015-04-23 05:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 09:57 - 2015-04-22 09:57 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-20 18:50 - 2015-04-20 18:50 - 03432388 _____ () C:\Users\Otakar Vavrečka\Desktop\Toolstation - Not Under My Roof (Low).mp4
2015-04-20 08:00 - 2015-04-20 08:05 - 00000000 ____D () C:\Users\Otakar Vavrečka\Desktop\Hláška EAGLE
2015-04-15 12:19 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 12:19 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 12:19 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 12:19 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 12:19 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 12:18 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 12:18 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 12:18 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 12:18 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 12:18 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 12:18 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 12:18 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 12:18 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 12:18 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 12:18 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 12:18 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 12:18 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 12:18 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 12:18 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 12:18 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 12:18 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 12:18 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 12:18 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 12:18 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 12:18 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 12:18 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 12:18 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 12:18 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 12:18 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 12:18 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 12:18 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 12:18 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 12:18 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 12:18 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 12:18 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 12:18 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 12:18 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 12:18 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 12:18 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 12:18 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 12:18 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 12:18 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 12:18 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 12:18 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 12:18 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 12:18 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 12:18 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 12:18 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 12:18 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 12:18 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 12:18 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 12:16 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 12:16 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 12:16 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 12:16 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 12:16 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 12:16 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-10 07:35 - 2015-04-10 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-04-10 07:35 - 2015-04-10 07:35 - 00000000 ____D () C:\ProgramData\ESET

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:00 - 2009-07-14 06:34 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 08:00 - 2009-07-14 06:34 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 07:59 - 2011-02-22 15:31 - 01206959 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 07:55 - 2014-09-15 17:27 - 00000000 ____D () C:\Users\Otakar Vavrečka\AppData\Roaming\ViberPC
2015-05-06 07:54 - 2014-09-15 17:25 - 00000000 ____D () C:\Users\Otakar Vavrečka\AppData\Local\Viber
2015-05-06 07:54 - 2011-05-21 08:43 - 00000039 _____ () C:\Windows\VTWAIN.INI
2015-05-06 07:53 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-05 20:31 - 2014-10-15 20:11 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-05 20:22 - 2011-02-23 00:03 - 00000000 ____D () C:\Users\Otakar Vavrečka\AppData\Roaming\Skype
2015-05-05 07:48 - 2011-02-22 15:51 - 01587926 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 10:13 - 2014-11-02 12:02 - 00000000 ____D () C:\AdwCleaner
2015-05-04 08:58 - 2015-01-23 14:01 - 00000000 ____D () C:\rsit
2015-05-04 08:58 - 2014-09-13 13:29 - 00000000 ____D () C:\Program Files\trend micro
2015-05-03 17:13 - 2013-04-05 15:57 - 00000495 _____ () C:\stub.log
2015-05-03 11:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-29 14:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-29 14:09 - 2011-02-23 00:03 - 00000000 ____D () C:\ProgramData\Skype
2015-04-23 07:59 - 2014-11-03 22:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-23 06:30 - 2011-02-23 00:26 - 00000000 ____D () C:\Windows\Panther
2015-04-23 06:26 - 2014-09-18 22:30 - 00000000 ____D () C:\Users\Otakar Vavrečka\AppData\Roaming\uTorrent
2015-04-22 11:51 - 2013-04-10 08:18 - 00000000 ____D () C:\Users\Otakar Vavrečka\AppData\Roaming\vlc
2015-04-22 09:12 - 2011-02-22 17:09 - 00000000 ____D () C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla
2015-04-20 08:36 - 2015-01-26 06:55 - 00000000 ____D () C:\Users\Otakar Vavrečka\Documents\eagle
2015-04-20 08:10 - 2013-12-30 00:54 - 00000000 ____D () C:\Program Files\EAGLE-6.4.0
2015-04-17 12:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 21:32 - 2012-04-03 11:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 21:32 - 2011-05-18 12:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 13:42 - 2013-08-14 07:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 13:35 - 2011-02-23 09:18 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-08-28 18:17 - 2013-06-08 21:07 - 0001189 _____ () C:\Users\Otakar Vavrečka\AppData\Roaming\vso_ts_preview.xml
2012-03-07 12:43 - 2014-04-01 08:43 - 0012288 _____ () C:\Users\Otakar Vavrečka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-28 10:31 - 2011-08-28 10:31 - 0000061 _____ () C:\Users\Otakar Vavrečka\AppData\Local\SRDownloader.err
2011-07-07 07:28 - 2013-06-10 21:39 - 0000888 _____ () C:\Users\Otakar Vavrečka\AppData\Local\SRDownloader.nast
2011-08-06 12:27 - 2011-08-06 12:27 - 0000000 _____ () C:\Users\Otakar Vavrečka\AppData\Local\{C9479304-8CCB-45C2-B189-3DC354E03AA2}
2011-02-23 00:05 - 2011-02-23 00:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-08-11 07:17 - 2011-08-11 07:17 - 0005115 _____ () C:\ProgramData\mtbjfghn.xbe

Some content of TEMP:
====================
C:\Users\Otakar Vavrečka\AppData\Local\temp\Quarantine.exe
C:\Users\Otakar Vavrečka\AppData\Local\temp\sqlite3.dll
C:\Users\Otakar Vavrečka\AppData\Local\temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6a811f49157b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b84abba174e.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personálny Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Otakar Vavrečka\Desktop" je 4014 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(11.46 KiB) Downloaded 50 times
You can be dumb, but you have to know how to help yourself...

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus blocked the browser

#13 Post by altrok »

:arrow: Uninstall the old and vulnerable Java version, Java 7 Update 45. If you need Java, install a new one from java.com - beware of adware during its installation http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . From a security standpoint (exploits) it is better not to have it at all.

:arrow: The size of the desktop should not exceed 200 MB. Otherwise both startup and the running of the whole PC slow down. I recommend moving large files and folders in particular, e.g. into Documents, and placing only shortcuts on the desktop.

:arrow: Permanently disable Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7

:arrow: Test C:\Users\Otakar Vavrecka\AppData\Local\Viber\Helper.dll on virustotal.com - if the file has already been tested, choose Reanalyse. Put the link to the analysis results in your next post.


  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it on the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the reboot a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-505298747-3480647553-2469496864-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-505298747-3480647553-2469496864-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    CHR Extension: (IMPI) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap [2013-03-07]
    
    S3 catchme; \??\C:\Users\OTAKAR~1\AppData\Local\Temp\catchme.sys [X]
    S3 StarOpen; No ImagePath
    
    2015-05-06 08:24 - 2015-05-06 08:24 - 00112640 _____ (forum.viry.cz) C:\Users\Otakar Vavrečka\Desktop\FRSTLauncher.exe
    2015-05-04 10:01 - 2015-05-04 10:01 - 02204160 _____ () C:\Users\Otakar Vavrečka\Desktop\adwcleaner_4.203.exe
    2015-05-04 08:57 - 2015-05-04 08:57 - 01107968 _____ () C:\Users\Otakar Vavrečka\Desktop\RSIT.exe
    2015-05-04 10:13 - 2014-11-02 12:02 - 00000000 ____D () C:\AdwCleaner
    2015-05-04 08:58 - 2015-01-23 14:01 - 00000000 ____D () C:\rsit
    2015-05-04 08:58 - 2014-09-13 13:29 - 00000000 ____D () C:\Program Files\trend micro
    2011-08-11 07:17 - 2011-08-11 07:17 - 0005115 _____ () C:\ProgramData\mtbjfghn.xbe
    
    Task: {01047422-95F6-4E41-84A4-87D3D7C76CB2} - System32\Tasks\{4C8D54F2-DDF6-4479-8A11-A98C6C789A9B} => C:\Users\Otakar Vavrečka\Desktop\irfanview_plugins_428_setup.exe
    Task: {0E254001-364F-49D5-A921-1E0E464085C7} - System32\Tasks\{325F6EB9-FED7-410B-A67D-25CFDA5E7EE4} => pcalua.exe -a "C:\Users\Otakar Vavrečka\Desktop\postak-2.3.6.exe" -d "C:\Users\Otakar Vavrečka\Desktop"
    Task: {5302599F-64B6-4015-8726-FB1C8D5BF48D} - System32\Tasks\{006A77B3-9759-4B64-8379-1A27B92BE7F8} => pcalua.exe -a C:\Windows\TEMP\avast_ash\IrfanView\iview435_setup.exe -d "C:\Program Files\Alwil Software\Avast5"
    Task: {FB21E31A-4C6F-4E57-9950-3A376BF4D938} - System32\Tasks\{69B760FF-CCC5-4229-A66C-152545DF8B4D} => pcalua.exe -a "C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX40.240\Revo Uninstaller Pro 2.5.8 Multilang+crack.waqarr\crack\RevoUninPro.exe" -d "C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX40.240\Revo Uninstaller Pro 2.5.8 Multilang+crack.waqarr\crack"
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6a811f49157b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b84abba174e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Hosts:
    EmptyTemp:
    End
    
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum you can use altrokzavináčforum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.
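As an added example (not code from this thread, from FRST or from the forum), a small Python triage script that reads lines in the format FRST prints and flags the kinds of entries the moderator pulled into the fixlist above: FRST's own "ATTENTION" markers (the Internet Explorer policy restrictions a browser-locker "police virus" leaves behind), unsigned drivers, services pointing at missing files, search scopes with an empty URL, and scheduled tasks launched through pcalua.exe or from Temp/"crack" paths. The sample lines are copied from the log in this thread; the rules are mine, not FRST's.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of the forum thread or of FRST itself. The
heuristics mirror what the moderator selected for the fixlist; they are
an aid to reading the log, not an automatic cleaner.
"""
import re
from typing import Dict, List

# "R1 aswKbd; C:\...\aswKbd.sys [21576 2013-05-09] (AVAST Software)" style lines
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "Task: {GUID} - System32\Tasks\{GUID} => cmd" and "Task: C:\Windows\Tasks\x.job => cmd"
TASK_RE = re.compile(r"^Task:\s+(?P<ident>.+?)\s+=>\s+(?P<cmd>.*)$")
# "SearchScopes: HKU\.DEFAULT -> DefaultScope {GUID} URL =" (nothing after the '=')
SEARCHSCOPE_RE = re.compile(r"^SearchScopes:\s+.*\bURL\s*=\s*$")
# Binaries living in a Temp folder or in a "crack" folder deserve a look
SUSPICIOUS_PATH_RE = re.compile(r"\\Temp\\|\bcrack\b", re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the reasons a single FRST log line deserves attention (empty if none)."""
    text = line.strip()
    reasons: List[str] = []

    # FRST itself marks entries it considers hijacked or restricted.
    if "<======= ATTENTION" in text:
        reasons.append("flagged by FRST (e.g. IE policy restriction set by a browser locker)")

    m = SERVICE_RE.match(text)
    if m:
        rest = m.group("rest")
        if "[File not signed]" in rest:
            reasons.append("driver/service binary is not signed")
        if rest.endswith("[X]") or "No ImagePath" in rest:
            reasons.append("driver/service points to a missing file (orphaned entry)")
        if SUSPICIOUS_PATH_RE.search(rest):
            reasons.append("driver/service loads from a Temp or 'crack' path")

    m = TASK_RE.match(text)
    if m:
        cmd = m.group("cmd")
        if "pcalua.exe" in cmd.lower():
            reasons.append("scheduled task launches via pcalua.exe (compatibility launcher)")
        if SUSPICIOUS_PATH_RE.search(cmd):
            reasons.append("scheduled task runs a binary from a Temp or 'crack' path")

    if SEARCHSCOPE_RE.match(text):
        reasons.append("search scope with empty URL (leftover of a search hijack)")

    return reasons


def triage_log(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged line (stripped) to its reasons, in log order."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings[raw.strip()] = reasons
    return findings


# Sample lines copied from the FRST log in this thread (first and seventh are clean).
SAMPLE_LOG_LINES = [
    r"R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-03-10] (ESET)",
    r"R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]",
    r"S3 catchme; \??\C:\Users\OTAKAR~1\AppData\Local\Temp\catchme.sys [X]",
    r"S3 StarOpen; No ImagePath",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe",
    r'Task: {FB21E31A-4C6F-4E57-9950-3A376BF4D938} - System32\Tasks\{69B760FF-CCC5-4229-A66C-152545DF8B4D} => pcalua.exe -a "C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX40.240\Revo Uninstaller Pro 2.5.8 Multilang+crack.waqarr\crack\RevoUninPro.exe"',
]


def main() -> None:
    for line, reasons in triage_log("\n".join(SAMPLE_LOG_LINES)).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)


if __name__ == "__main__":
    main()
```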

rakato11
Visitor
Posts: 303
Registered: 02 Dec 2009 15:18

Re: Police virus blocked the browser

#14 Post by rakato11 »

I was not able to do this; I did not find it on my computer. I did not find AppData and what follows.
Test C:\Users\Otakar Vavrecka\AppData\Local\Viber\Helper.dll on virustotal.com - if the file has already been tested, choose Reanalyse. Put the link to the analysis results in your next post.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-05-2015
Ran by Otakar Vavrečka at 2015-05-06 13:42:18 Run:1
Running from C:\Users\Otakar Vavrečka\Desktop
Loaded Profiles: Otakar Vavrečka (Available profiles: Otakar Vavrečka & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (IMPI) - C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap [2013-03-07]

S3 catchme; \??\C:\Users\OTAKAR~1\AppData\Local\Temp\catchme.sys [X]
S3 StarOpen; No ImagePath

2015-05-06 08:24 - 2015-05-06 08:24 - 00112640 _____ (forum.viry.cz) C:\Users\Otakar Vavrečka\Desktop\FRSTLauncher.exe
2015-05-04 10:01 - 2015-05-04 10:01 - 02204160 _____ () C:\Users\Otakar Vavrečka\Desktop\adwcleaner_4.203.exe
2015-05-04 08:57 - 2015-05-04 08:57 - 01107968 _____ () C:\Users\Otakar Vavrečka\Desktop\RSIT.exe
2015-05-04 10:13 - 2014-11-02 12:02 - 00000000 ____D () C:\AdwCleaner
2015-05-04 08:58 - 2015-01-23 14:01 - 00000000 ____D () C:\rsit
2015-05-04 08:58 - 2014-09-13 13:29 - 00000000 ____D () C:\Program Files\trend micro
2011-08-11 07:17 - 2011-08-11 07:17 - 0005115 _____ () C:\ProgramData\mtbjfghn.xbe

Task: {01047422-95F6-4E41-84A4-87D3D7C76CB2} - System32\Tasks\{4C8D54F2-DDF6-4479-8A11-A98C6C789A9B} => C:\Users\Otakar Vavrečka\Desktop\irfanview_plugins_428_setup.exe
Task: {0E254001-364F-49D5-A921-1E0E464085C7} - System32\Tasks\{325F6EB9-FED7-410B-A67D-25CFDA5E7EE4} => pcalua.exe -a "C:\Users\Otakar Vavrečka\Desktop\postak-2.3.6.exe" -d "C:\Users\Otakar Vavrečka\Desktop"
Task: {5302599F-64B6-4015-8726-FB1C8D5BF48D} - System32\Tasks\{006A77B3-9759-4B64-8379-1A27B92BE7F8} => pcalua.exe -a C:\Windows\TEMP\avast_ash\IrfanView\iview435_setup.exe -d "C:\Program Files\Alwil Software\Avast5"
Task: {FB21E31A-4C6F-4E57-9950-3A376BF4D938} - System32\Tasks\{69B760FF-CCC5-4229-A66C-152545DF8B4D} => pcalua.exe -a "C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX40.240\Revo Uninstaller Pro 2.5.8 Multilang+crack.waqarr\crack\RevoUninPro.exe" -d "C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX40.240\Revo Uninstaller Pro 2.5.8 Multilang+crack.waqarr\crack"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6a811f49157b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b84abba174e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-505298747-3480647553-2469496864-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-505298747-3480647553-2469496864-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap => Moved successfully.
catchme => Service deleted successfully.
StarOpen => Service deleted successfully.
C:\Users\Otakar Vavrečka\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Otakar Vavrečka\Desktop\adwcleaner_4.203.exe => Moved successfully.
C:\Users\Otakar Vavrečka\Desktop\RSIT.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\ProgramData\mtbjfghn.xbe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01047422-95F6-4E41-84A4-87D3D7C76CB2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01047422-95F6-4E41-84A4-87D3D7C76CB2}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4C8D54F2-DDF6-4479-8A11-A98C6C789A9B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C8D54F2-DDF6-4479-8A11-A98C6C789A9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E254001-364F-49D5-A921-1E0E464085C7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E254001-364F-49D5-A921-1E0E464085C7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{325F6EB9-FED7-410B-A67D-25CFDA5E7EE4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{325F6EB9-FED7-410B-A67D-25CFDA5E7EE4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5302599F-64B6-4015-8726-FB1C8D5BF48D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5302599F-64B6-4015-8726-FB1C8D5BF48D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{006A77B3-9759-4B64-8379-1A27B92BE7F8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{006A77B3-9759-4B64-8379-1A27B92BE7F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB21E31A-4C6F-4E57-9950-3A376BF4D938}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB21E31A-4C6F-4E57-9950-3A376BF4D938}" => Key deleted successfully.
C:\Windows\System32\Tasks\{69B760FF-CCC5-4229-A66C-152545DF8B4D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{69B760FF-CCC5-4229-A66C-152545DF8B4D}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6a811f49157b.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b84abba174e.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 586.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:43:27 ====

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Police virus blocked the browser

#15 Post by altrok »

The AppData folder is hidden by default:
  • Start -> Run
  • in the box enter: control folders
  • switch to the View tab at the top
  • select the option Show hidden files, folders...
  • click Apply
Now it should be possible to get to the file.

Locked