
Infection

Have a problem with a virus? Post an FRST or RSIT log here.

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Infection

#1 Post by lola »

Could you please take a look at this. The computer has slowed down and, above all, when I click to open the program I want, it randomly opens... algocashmaster.com,
or tradea...., or escomafilter... and only on the second try does it open the right one. Thanks

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jirka at 2016-02-29 07:20:38
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 490 GB (69%) free of 715 GB
Total RAM: 3053 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:01, on 29.2.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16748)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG\Av\avgui.exe
C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\CIGLER SOFTWARE\Money S3\MonS3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jirka\Downloads\RSIT.exe
C:\Program Files\trend micro\Jirka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blesk.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.com/wpad.dat?37dd32ce0ae ... 3a46824534
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: InternetPanelBHO - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\PowerChute Personal Edition\Display.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - https://biz.lgservice.com/DATA/cab/djvu ... r34387.cab
O16 - DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} (FormApps Plug-in) - https://eportal.cssz.cz/fas/page/active ... bff_cs.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - https://adisepo.mfcr.cz/adistc/adis/idp ... tsignx.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Abelssoft Admin-Service (AbAdminService) - Ascora GmbH - C:\Program Files\ToolbarTerminator\AbAdminService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgwdsvcx.exe
O23 - Service: FileOpen Manager (FileOpenManager) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManager32.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 6560 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.idnes.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@cuminas.jp/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default\searchplugins\
seznam.cz-165656.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-14 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
Internet Panel - C:\Program Files\NetSoftware\IEHelper.dll [2016-02-28 538608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-14 172640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07 4439128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-05-11 151552]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"AVG_UI"=C:\Program Files\AVG\Av\avuirunnerx.exe [2016-02-01 25512]
"FileOpenBroker"=C:\Program Files\FileOpen\Services\FileOpenBroker32.exe [2015-07-17 919872]
"AvgUi"=C:\Program Files\AVG\Framework\Common\avguirnx.exe [2016-02-18 179624]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2016-02-09 223216]
"Wondershare Helper Compact.exe"=C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2014-02-20 1994752]
"ProductUpdater"=C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [2016-02-10 73216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files\APC\PowerChute Personal Edition\Display.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"VIDC.FMVC"=fmcodec.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"VIDC.VP80"=vp8vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-02-29 07:20:38 ----D---- C:\rsit
2016-02-28 18:18:00 ----A---- C:\kkkk.txt
2016-02-28 15:33:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2016-02-28 13:27:17 ----D---- C:\Program Files\Common Files\Freemake Shared
2016-02-28 13:01:02 ----D---- C:\Program Files\Common Files\Wondershare
2016-02-27 13:28:47 ----D---- C:\Users\Jirka\AppData\Roaming\AVS4YOU
2016-02-27 13:27:38 ----D---- C:\ProgramData\AVS4YOU
2016-02-27 13:27:38 ----D---- C:\Program Files\Common Files\AVSMedia
2016-02-27 13:27:38 ----D---- C:\Program Files\AVS4YOU
2016-02-27 11:38:45 ----D---- C:\Program Files\ReviverSoft
2016-02-21 20:53:57 ----D---- C:\ProgramData\tmp
2016-02-21 20:53:57 ----D---- C:\ProgramData\hps
2016-02-21 20:36:01 ----D---- C:\Program Files\Drogerie TETA
2016-02-21 16:30:18 ----D---- C:\ProgramData\NetSoftware
2016-02-20 20:55:33 ----A---- C:\Windows\system32\javaws.exe
2016-02-20 20:55:33 ----A---- C:\Windows\system32\javaw.exe
2016-02-20 20:55:33 ----A---- C:\Windows\system32\java.exe
2016-02-19 13:29:40 ----D---- C:\Users\Jirka\AppData\Roaming\DVDVideoSoft
2016-02-13 18:25:12 ----D---- C:\Program Files\Mozilla Firefox
2016-02-13 17:34:55 ----A---- C:\Windows\system32\sdohlp.dll
2016-02-13 17:34:55 ----A---- C:\Windows\system32\sbeio.dll
2016-02-13 17:34:55 ----A---- C:\Windows\system32\sbe.dll
2016-02-13 17:34:55 ----A---- C:\Windows\system32\psisdecd.dll
2016-02-13 17:34:55 ----A---- C:\Windows\system32\iasrecst.dll
2016-02-13 17:34:55 ----A---- C:\Windows\system32\iashost.exe
2016-02-13 17:34:55 ----A---- C:\Windows\system32\iasdatastore.dll
2016-02-13 17:34:55 ----A---- C:\Windows\system32\iasads.dll
2016-02-13 17:34:54 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-13 17:34:54 ----A---- C:\Windows\system32\msorcl32.dll
2016-02-13 17:34:54 ----A---- C:\Windows\system32\EncDec.dll
2016-02-13 17:34:03 ----A---- C:\Windows\system32\advapi32.dll
2016-02-13 17:34:02 ----A---- C:\Windows\system32\rpcrt4.dll
2016-02-13 17:34:02 ----A---- C:\Windows\system32\ole32.dll
2016-02-13 17:34:02 ----A---- C:\Windows\system32\csrsrv.dll
2016-02-13 17:34:01 ----A---- C:\Windows\system32\smss.exe
2016-02-13 17:34:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-02-13 17:34:01 ----A---- C:\Windows\system32\ntdll.dll
2016-02-13 17:34:01 ----A---- C:\Windows\system32\kernel32.dll
2016-02-13 17:34:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-13 17:33:04 ----A---- C:\Windows\system32\win32k.sys
2016-02-13 17:25:03 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-13 17:22:25 ----A---- C:\Windows\system32\kerberos.dll
2016-02-13 16:36:11 ----A---- C:\Windows\system32\urlmon.dll
2016-02-13 16:36:11 ----A---- C:\Windows\system32\mshta.exe
2016-02-13 16:36:11 ----A---- C:\Windows\system32\msfeedssync.exe
2016-02-13 16:36:11 ----A---- C:\Windows\system32\msfeedsbs.dll
2016-02-13 16:36:11 ----A---- C:\Windows\system32\jsproxy.dll
2016-02-13 16:36:10 ----A---- C:\Windows\system32\vbscript.dll
2016-02-13 16:36:10 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\wininet.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\url.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\mshtmled.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\jscript.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\ieUnatt.exe
2016-02-13 16:36:09 ----A---- C:\Windows\system32\ieui.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\iertutil.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\ieframe.dll
2016-02-13 16:36:09 ----A---- C:\Windows\system32\dxtmsft.dll
2016-02-13 16:36:06 ----A---- C:\Windows\system32\dxtrans.dll
2016-02-13 16:36:04 ----A---- C:\Windows\system32\mshtml.dll
2016-02-13 16:36:04 ----A---- C:\Windows\system32\jscript9.dll

======List of files/folders modified in the last 1 month======

2016-02-29 07:20:50 ----D---- C:\Windows\Prefetch
2016-02-29 07:20:44 ----D---- C:\Program Files\trend micro
2016-02-29 07:20:37 ----D---- C:\Program Files\NetSoftware
2016-02-29 07:12:38 ----D---- C:\Windows\temp
2016-02-29 06:37:55 ----D---- C:\Program Files\Příjmové a výdajové doklady
2016-02-29 06:18:22 ----D---- C:\Windows\system32\drivers
2016-02-28 19:32:14 ----D---- C:\ProgramData\MFAData
2016-02-28 19:20:48 ----RD---- C:\Program Files
2016-02-28 19:08:37 ----SHD---- C:\System Volume Information
2016-02-28 18:29:40 ----D---- C:\Windows\System32
2016-02-28 18:29:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-28 18:29:39 ----D---- C:\Windows\inf
2016-02-28 18:21:06 ----D---- C:\Windows\tracing
2016-02-28 17:43:46 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2016-02-28 17:19:45 ----D---- C:\POSTA
2016-02-28 15:37:05 ----D---- C:\Users\Jirka\AppData\Roaming\Malwarebytes
2016-02-28 15:23:22 ----D---- C:\Windows
2016-02-28 15:20:44 ----D---- C:\ProgramData
2016-02-28 15:17:54 ----D---- C:\AdwCleaner
2016-02-28 15:10:32 ----SHD---- C:\Windows\Installer
2016-02-28 14:27:45 ----D---- C:\Users\Jirka\AppData\Roaming\Media Player Classic
2016-02-28 13:27:36 ----D---- C:\ProgramData\Freemake
2016-02-28 13:27:17 ----D---- C:\Program Files\Freemake
2016-02-28 13:27:17 ----D---- C:\Program Files\Common Files
2016-02-28 13:10:15 ----D---- C:\Program Files\Wondershare
2016-02-28 12:33:27 ----D---- C:\Program Files\Mozilla Maintenance Service
2016-02-28 12:23:38 ----D---- C:\Program Files\Google
2016-02-28 12:23:35 ----D---- C:\Windows\Tasks
2016-02-28 11:38:45 ----D---- C:\Users\Jirka\AppData\Roaming\Seznam.cz
2016-02-28 11:38:08 ----D---- C:\Program Files\Seznam.cz
2016-02-27 12:16:10 ----D---- C:\Windows\system32\Tasks
2016-02-27 09:25:08 ----RSD---- C:\Windows\assembly
2016-02-27 09:18:37 ----D---- C:\Program Files\Ashampoo
2016-02-27 09:09:20 ----D---- C:\ProgramData\Ashampoo
2016-02-27 09:06:19 ----A---- C:\Windows\win.ini
2016-02-26 07:09:27 ----D---- C:\Program Files\Recuva
2016-02-25 14:42:12 ----D---- C:\Program Files\ZTE
2016-02-25 14:42:01 ----D---- C:\Windows\system32\catroot
2016-02-25 14:41:56 ----D---- C:\Program Files\T-Mobile
2016-02-22 13:53:16 ----D---- C:\Windows\Debug
2016-02-20 20:55:16 ----D---- C:\Program Files\Java
2016-02-20 14:50:01 ----D---- C:\Windows\system32\catroot2
2016-02-19 14:20:08 ----D---- C:\Users\Jirka\AppData\Roaming\dvdcss
2016-02-14 20:29:26 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2016-02-14 08:39:43 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2016-02-13 18:03:17 ----D---- C:\Windows\Microsoft.NET
2016-02-13 17:57:08 ----D---- C:\Windows\rescache
2016-02-13 17:37:57 ----D---- C:\Program Files\Windows Collaboration
2016-02-13 17:37:53 ----D---- C:\Windows\system32\cs-CZ
2016-02-13 17:37:52 ----D---- C:\Windows\system32\migration
2016-02-13 17:37:48 ----D---- C:\Program Files\Internet Explorer
2016-02-13 17:37:46 ----D---- C:\Program Files\Windows Journal
2016-02-13 17:35:22 ----D---- C:\Windows\winsxs
2016-02-13 17:31:58 ----D---- C:\Windows\system32\MRT
2016-02-13 17:25:31 ----A---- C:\Windows\system32\mrt.exe
2016-02-13 16:36:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2016-01-08 207792]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2015-08-14 308656]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2016-01-22 198576]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2015-12-04 37296]
R0 Avgunivx;AVG Universal Driver; C:\Windows\system32\DRIVERS\avgunivx.sys [2016-01-08 23472]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2006-05-11 247808]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2015-11-06 149936]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2016-01-05 257456]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2015-11-20 31664]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2014-12-10 43296]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-18 220672]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2007-07-09 44416]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-19 10919200]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-18 45624]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 35328]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2011-08-15 32408]
S3 cpuz135;cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys []
S3 cpuz136;cpuz136; \??\C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [2013-08-24 25320]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\Windows\system32\DRIVERS\HidBatt.sys [2008-01-18 21504]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver; \??\C:\Windows\system32\drivers\massfilter_hs.sys [2011-08-15 15896]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\Windows\system32\drivers\sfng32.sys [2005-12-02 41728]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\sthda.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-07-12 73344]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary; C:\Windows\system32\DRIVERS\zghsmdm.sys [2011-08-15 113688]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 APC Data Service;APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [2016-02-01 3881184]
R2 avgsvc;AVG Service; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [2016-02-18 865704]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\Av\avgwdsvcx.exe [2016-02-01 561104]
R2 FileOpenManager;FileOpen Manager; C:\Program Files\FileOpen\Services\FileOpenManager32.exe [2015-07-17 219968]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2016-02-10 108032]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-05-11 90112]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 AbAdminService;Abelssoft Admin-Service; C:\Program Files\ToolbarTerminator\AbAdminService.exe [2015-01-22 30984]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-11 146888]
S3 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 634656]
S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-13 269504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-11 772296]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infection

#2 Post by JaRon »

hi
use my colleague's guide - both steps:
http://forum.viry.cz/viewtopic.php?f=13 ... e#p1438635
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Re: Infection

#3 Post by lola »

Please:
zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jirka on po 29.02.2016 at 13:38:36,94.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jirka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.2.2016 13:39:51 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Cuminas deleted successfully
C:\Program Files\Drogerie TETA deleted successfully
C:\Program Files\FreeTime deleted successfully
C:\Program Files\GRETECH deleted successfully
C:\Program Files\GridinSoft Trojan Killer deleted successfully
C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\ReviverSoft deleted successfully
C:\Program Files\Seznam.cz deleted successfully
C:\Program Files\T-Mobile deleted successfully
C:\Program Files\Xesc & Technology deleted successfully
C:\Program Files\YTD deleted successfully
C:\Program Files\ZTE deleted successfully
C:\Program Files\Common Files\Nero deleted successfully
C:\Program Files\Common Files\PDF Architect deleted successfully
C:\PROGRA~2\KASTNER software deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~2\ProductData deleted successfully
C:\PROGRA~2\WinZip deleted successfully
C:\Users\Jirka\AppData\Roaming\0U1E1Q1T2Z1P0S2Z1T1C deleted successfully
C:\Users\Jirka\AppData\Roaming\Dropbox deleted successfully
C:\Users\Jirka\AppData\Roaming\Kastner software deleted successfully
C:\Users\Jirka\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Jirka\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Jirka\AppData\Roaming\Opera Software deleted successfully
C:\Users\Jirka\AppData\Roaming\Smart PC Solutions deleted successfully
C:\Users\Jirka\AppData\Roaming\xVideoServiceThief deleted successfully
C:\Users\Jirka\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully
C:\Users\Jirka\AppData\Local\CrashDumps deleted successfully
C:\Users\Jirka\AppData\Local\GHISLER deleted successfully
C:\Users\Jirka\AppData\Local\Opera Software deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.idnes.cz/");
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.selectedEngine", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default

user.js not found
---- Lines ORJ-SPE removed from prefs.js ----
user_pref("extensions.ORJ-SPE.domain", "");
user_pref("extensions.ORJ-SPE.hpr_ff", "");
---- FireFox user.js and prefs.js backups ----

prefs_29.02.2016_1358_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Cuminas not found
C:\Program Files\Drogerie TETA not found
C:\Program Files\FreeTime not found
C:\Program Files\GRETECH not found
C:\Program Files\GridinSoft Trojan Killer not found
C:\Program Files\ReviverSoft not found
C:\Program Files\Seznam.cz not found
C:\Program Files\T-Mobile not found
C:\Program Files\Xesc & Technology not found
C:\Program Files\YTD not found
C:\Program Files\ZTE not found
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) not found
C:\Program Files\PSPad editor deleted
C:\Users\Jirka\AppData\Roaming\calibre deleted
C:\Program Files\PostSignumToolPlus deleted
C:\Users\Jirka\.android deleted
C:\Program Files\ToolbarTerminator deleted
C:\Program Files\Wondershare deleted
C:\Users\Jirka\AppData\Roaming\Wondershare deleted
C:\Users\Jirka\AppData\Roaming\trueburner.ini deleted
C:\Users\Jirka\AppData\Roaming\GetRightToGo deleted
C:\Users\Jirka\en_res.dll deleted
C:\Users\Jirka\es_res.dll deleted
C:\Users\Jirka\fr_res.dll deleted
C:\Users\Jirka\grm_res.dll deleted
C:\Users\Jirka\it_res.dll deleted
C:\Users\Jirka\jp_res.dll deleted
C:\Users\Jirka\mfc80u.dll deleted
C:\Users\Jirka\msvcr80.dll deleted
C:\Users\Jirka\pt_res.dll deleted
C:\Users\Jirka\ru_res.dll deleted
C:\Users\Jirka\zh_res.dll deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Jirka\AppData\Local\Wondershare deleted
C:\Users\Jirka\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolbar Terminator deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default\jetpack deleted
C:\Users\Jirka\PCPE Setup.exe deleted
"C:\Users\Jirka\AppData\Roaming\Yandex\ui" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Users\Jirka\AppData\Roaming\Yandex" deleted
"C:\Program Files\Common Files\Wondershare" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" deleted

==== Orphaned Tasks deleted from Registry ======================

RegClean Pro_UPDATES deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [16.02.2013 11:48]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"gemgecko@gemius.com"="C:\Program Files\NetSoftware\gemgecko_ext" [21.02.2016 16:30]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default
F169116C1BA501AB4D0D66D41FF496B5 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FC5D7AF1FC3A63782E19B375E2312D1C - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
398334B85CBD2CEED553CC5C160B0D8D - C:\Program Files\Software602\602XML\Filler\npfiller.dll - Software602 Form Filler
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
1B743D5B6FD001660FAB17DD7C347A38 - c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll - Silverlight Plug-In
9EA6FA4806BB45185FE743D534CEE9E6 - C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U73
843AE18C93C6DFD214AB7EAF338B4D6F - C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.730.2
3239619A441E23A20EC923DF92FF2D70 - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll - CANON iMAGE GATEWAY Album Plugin Utility for IJ
6FE651F6E3025AD51CC1D54913AEEADC - C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash
4F3F6B17B4A5BDB68B3CB0367A2C214E - c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kegdldmohomdaelnepdpbkdhfemobdgl - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.blesk.cz/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.blesk.cz/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{8BA9C4A8-FC66-4918-A79E-AB4B5470BAC9}"
HKCU\SearchScopes\203D06D01CF8A035023F586E4CB8AFD7 - http://www.google.com/search?q={searchT ... =utf8&rlz=
HKCU\SearchScopes\5B8D147C1877690E087CE3668C8CD123 - http://www.firmy.cz/phr/{searchTerms}
HKCU\SearchScopes\60AD7DF367A51D78AE25011EFFE3FF4D - http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
HKCU\SearchScopes\DA175516DCC6659CF9D0C9796A42161D - http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
HKCU\SearchScopes\F35A53397BA0816FC7057CF7B8A37903 - http://videa.seznam.cz/?q={searchTerms}
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={sear
HKCU\SearchScopes\{8BA9C4A8-FC66-4918-A79E-AB4B5470BAC9} - http://search.seznam.cz/?q={searchTerms ... arch_16194

==== Reset Google Chrome ======================

C:\Users\Jirka\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Jirka\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences was reset successfully
C:\Users\Jirka\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Jirka\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Jirka\AppData\Local\Mozilla\Firefox\Profiles\1osd4hsz.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jirka\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1073 folders=123 148062013 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jirka\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jirka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on po 29.02.2016 at 14:13:16,67 ======================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows Vista (TM) Business x86
Ran by Jirka (Administrator) on po 29.02.2016 at 14:21:32,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 19

Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\067HVCZS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X1DYGR5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XEHPA18 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO8C4O71 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTE509LD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCL93C1C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPLUDMRE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YA14F267 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\FREEMAKEERRORREPORTER.EXE-7CA8C7FD.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEMAKEUTILSSERVICE.EXE-398B6F79.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\067HVCZS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X1DYGR5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XEHPA18 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO8C4O71 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTE509LD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCL93C1C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPLUDMRE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YA14F267 (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8BA9C4A8-FC66-4918-A79E-AB4B5470BAC9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 29.02.2016 at 14:23:46,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infection

#4 Post by JaRon »

are there still problems :???:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Re: Infection

#5 Post by lola »

yes, just now while logging in I typed viry.cz into the address bar and I ended up on a TV programme....

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infection

#6 Post by JaRon »

Rescan the PC with AVPTool
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Re: Infection

#7 Post by lola »

AVPTool 2015 found nothing; I'm posting the log from Trojan Killer, but I don't know how to get rid of the findings..


Trojan Killer (32-bit) v.2.2.4.4
Report file date: 29.2.2016 18:43:19
Last update : --

Scanning for 936449 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows Vista (TM) Business (version 6.0)
Username: Jirka
Computer name: JIRKA-PC

Starting the file scan:

Quick Scan started
Scanning process...
----- HKCU\software\mozillaplugins\@lightspark.github.com/lightspark;version=1 ---- Registry Threat
Adware.RPL.Gen.vb


----- HKCU\software\microsoft\internet explorer\low rights\elevationpolicy\{dd8170b8-a69d-4943-9451-f48d765e638f} ---- Registry Threat
Adware.RPL.Gen.vb


----- HKCU\software\microsoft\internet explorer\low rights\elevationpolicy\{7fdc3e31-dca1-4105-a73b-ac93a6d41522} ---- Registry Threat
Adware.RPL.Gen.vb


Checking Startup...
Checking BHO...
Checking Services...
Checking Files...
----- c:\windows\zoek-delete.exe ---- General Threat
Malware.Win32.Gen.0275.sm!ff
ProdVer: 5,0,0,0
FileVer: 5,0,0,0
Name: Zoek
Company: http:\/\/hijackthis.nl\/smeenk\/


----- C:\Program Files\Advanced PDF to IMAGE converter\pdf2image.exe ---- General Threat
Mal/Fraud!se-87


----- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IntraPDF\Advanced PDF to IMAGE converter\PDF to IMAGE.lnk ---- General Threat
Mal/Fraud!se-87
MD5: 5AECA4E2D93CF297C82BFCAFC462C473:1163
FUZ: 24:82LqvdXurAapYhvOmJapXOCVWdTap3dTap0CUA%2FB8W:8uqvdXIAaxmJaMPdTaZdTaIAJ8W


----- C:\Rezistor\Uninstal.exe ---- General Threat
Malware.Win32.Gen.sm!s1


----- C:\Users\Jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rezistor\Uninstal programu pro určení rezistoru..lnk ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 4972CF5A9338EED5E2206DBF37EF3530:599
FUZ: 12:8mtpzIeCTFKT%2FXxwItW4CPjBlvOYDhzgB87Id7Iw:8mtpzkFKTZwIt9C7TvOChzgB8q


Scan completed

Scan result: 8 detected items
Scan completed in: Scan completed in 4 minute(s) 17 sec.
Files were scanned: 3198

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infection

#8 Post by JaRon »

clean the PC with ADWCleaner and CCleaner and write whether the situation has changed
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Re: Infection

#9 Post by lola »

unfortunately the situation hasn't changed. Thank you :cry:

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infection

#10 Post by JaRon »

FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Re: Infection

#11 Post by lola »

Well, that's awful!!

After installing Combo, the AVG antivirus protection could not be turned off! I uninstalled AVG and ran Combo (see log), but AVG can no longer be reinstalled; it reports an installation error.. so I installed Avast Free, and I'm sending that log.

ComboFix 16-03-01.01 - Jirka 01.03.2016 16:03:04.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3053.2104 [GMT 1:00]
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-01 do 2016-03-01 )))))))))))))))))))))))))))))))
.
.
2016-03-01 15:10 . 2016-03-01 15:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-03-01 15:10 . 2016-03-01 15:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-03-01 15:10 . 2016-03-01 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-01 14:03 . 2016-03-01 14:03 -------- d-----w- c:\users\Jirka\AppData\Local\CrashDumps
2016-02-29 17:41 . 2016-02-29 17:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2016-02-29 17:30 . 2016-02-29 17:30 -------- d-----w- C:\KVRT_Data
2016-02-29 15:24 . 2016-02-29 18:57 -------- d-----w- c:\program files\TrojanHunter
2016-02-29 13:02 . 2016-03-01 15:13 -------- d-----w- c:\users\Jirka\AppData\Local\Temp
2016-02-29 12:38 . 2016-02-29 12:59 -------- d-----w- C:\zoek_backup
2016-02-29 07:36 . 2016-02-29 07:36 -------- d-----w- c:\programdata\Licenses
2016-02-29 07:08 . 2016-02-29 07:08 -------- d-----w- c:\programdata\GridinSoft
2016-02-29 06:20 . 2016-02-29 06:21 -------- d-----w- C:\rsit
2016-02-28 12:27 . 2016-02-28 12:27 -------- d-----w- c:\users\Jirka\AppData\Local\FreemakeVideoConverter
2016-02-27 12:28 . 2016-02-27 12:28 -------- d-----w- c:\users\Jirka\AppData\Roaming\AVS4YOU
2016-02-27 12:27 . 2016-02-28 10:27 -------- d-----w- c:\program files\AVS4YOU
2016-02-27 12:27 . 2016-02-28 10:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2016-02-27 12:27 . 2016-02-27 12:28 -------- d-----w- c:\programdata\AVS4YOU
2016-02-27 08:30 . 2016-02-27 08:30 -------- d-----w- c:\users\Jirka\AppData\Local\womble
2016-02-27 08:09 . 2016-02-27 08:09 -------- d-----w- c:\users\Jirka\AppData\Local\Ashampoo Movie Studio 2013
2016-02-21 19:53 . 2016-02-24 10:51 -------- d-----w- c:\programdata\tmp
2016-02-21 19:53 . 2016-02-24 06:38 -------- d-----w- c:\programdata\hps
2016-02-21 15:30 . 2016-03-01 14:45 -------- d-----w- c:\programdata\NetSoftware
2016-02-19 12:29 . 2016-02-27 08:25 -------- d-----w- c:\users\Jirka\AppData\Roaming\DVDVideoSoft
2016-02-14 19:29 . 2016-02-14 19:29 252232 ----a-r- c:\users\Jirka\AppData\Roaming\Microsoft\Installer\{801F9351-A8A7-441D-9398-6A56E143E316}\ARPPRODUCTICON.exe
2016-02-14 19:29 . 2016-02-14 19:29 -------- d-----w- c:\users\Jirka\AppData\Local\Software602
2016-02-13 16:33 . 2016-01-07 15:21 2068480 ----a-w- c:\windows\system32\win32k.sys
2016-02-13 16:32 . 2016-01-09 17:06 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-02-13 16:32 . 2016-01-09 17:06 672768 ----a-w- c:\program files\Windows Journal\InkSeg.dll
2016-02-13 16:32 . 2016-01-09 17:06 1220608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-02-13 16:32 . 2016-01-09 17:06 985600 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2016-02-13 16:32 . 2016-01-09 17:06 967680 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2016-02-13 16:32 . 2016-01-09 15:31 1850880 ----a-w- c:\program files\Windows Journal\Journal.exe
2016-02-13 16:25 . 2016-01-07 15:18 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-13 16:22 . 2016-01-09 17:06 501760 ----a-w- c:\windows\system32\kerberos.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-29 14:33 . 2014-07-03 12:15 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-14 07:39 . 2015-02-15 17:00 95840 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-02-13 15:36 . 2013-02-17 13:22 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-13 15:36 . 2013-02-17 13:22 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-05 17:03 . 2016-01-13 11:02 767488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-05 17:03 . 2016-01-13 11:02 650240 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-05 17:03 . 2016-01-13 11:02 1377792 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-05 17:03 . 2016-01-13 11:02 605184 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-05 17:03 . 2016-01-13 11:02 1567744 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-05 17:03 . 2016-01-13 11:02 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-05 17:03 . 2016-01-13 11:02 1326080 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-05 17:03 . 2016-01-13 11:02 867328 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-05 17:03 . 2016-01-13 11:02 759296 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-05 17:03 . 2016-01-13 11:02 1114624 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-05 17:03 . 2013-02-16 09:31 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-05 17:03 . 2016-01-13 11:02 243200 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-05 17:03 . 2016-01-13 11:02 212992 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-05 17:03 . 2016-01-13 11:02 497152 ----a-w- c:\windows\system32\qdvd.dll
2015-12-05 17:03 . 2016-01-13 11:02 208896 ----a-w- c:\windows\system32\qasf.dll
2015-12-05 17:03 . 2016-01-13 11:02 1314816 ----a-w- c:\windows\system32\quartz.dll
2015-12-05 17:03 . 2016-01-13 11:02 506880 ----a-w- c:\windows\system32\qedit.dll
2015-12-05 17:03 . 2016-01-13 11:02 2873344 ----a-w- c:\windows\system32\mf.dll
2015-12-05 17:02 . 2016-01-13 11:02 80896 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-05 17:02 . 2016-01-13 11:02 314880 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-05 17:02 . 2016-01-13 11:02 254976 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-05 17:02 . 2016-01-13 11:02 254976 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-05 17:02 . 2016-01-13 11:02 606208 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-05 17:02 . 2016-01-13 11:02 59392 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-05 17:02 . 2016-01-13 11:02 209920 ----a-w- c:\windows\system32\mfplat.dll
2015-12-05 17:02 . 2016-01-13 11:02 144384 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-05 17:02 . 2016-01-13 10:55 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-12-05 17:02 . 2016-01-13 11:02 480256 ----a-w- c:\windows\system32\evr.dll
2015-12-05 17:02 . 2016-01-13 11:02 64000 ----a-w- c:\windows\system32\devenum.dll
2015-12-05 17:02 . 2016-01-13 11:02 158208 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-05 16:44 . 2016-01-13 11:02 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2014-12-23 833240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2015-07-17 919872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2016-02-09 223216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 15:36]
.
.
------- Doplňkový sken -------
.
Trusted Zone: mfcr.cz
TCP: DhcpNameServer = 79.98.72.27 79.98.72.2
DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} - hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
FF - ProfilePath - c:\users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\1osd4hsz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\programdata\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-03-01 16:14
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-473776709-23561653-1376516071-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
@Allowed: (Read) (RestrictedCode)
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAI6muezAoV0OCY4r/Saw0VQAAAAACAAAAAAADZgAAqAAAABAAAACT/U9hvONxkqMCZUvvCEHrAAAAAASAAACgAAAAEAAAALB7ODQxDuJ08vxp3T0o+dgYAAAAIJORwHNv/JjjjLCMKG4lfU2xxgKJDmvyFAAAADYqglWQCez0/lIo8yapsCzUL71t"
.
[HKEY_USERS\S-1-5-21-473776709-23561653-1376516071-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):d0,e4,fb,23,d4,86,d1,08
"DeltaClock"=hex(b):6b,7e,61,00,00,00,00,00
"LastNtpServer"="time.nist.gov"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\APC\PowerChute Personal Edition\mainserv.exe
c:\program files\GridinSoft Trojan Killer\trojankiller.exe
c:\program files\FileOpen\Services\FileOpenManager32.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\System32\WUDFHost.exe
c:\program files\APC\PowerChute Personal Edition\dataserv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\APC\PowerChute Personal Edition\apcsystray.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\windows\system32\taskmgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2016-03-01 16:18:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-03-01 15:18
.
Před spuštěním: Volných bajtů: 513 469 227 008
Po spuštění: Volných bajtů: 513 214 853 120
.
- - End Of File - - 2A41AAFE72A21CE89AF826A9991177FD
5C616939100B85E558DA92B899A0FC36
Thanks for your patience
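The Run-key entries in the ComboFix log above are what a helper triages first: which autostart binaries appeared shortly before the machine began misbehaving. As an added example (not ComboFix's code and not from the thread), this Python script parses those entry lines and flags the ones whose file date falls within a chosen window before the scan date; the log excerpt is copied from the post, and the 30-day window and the `scan_date` of 2016-03-01 (the date printed in the rootkit-scan section) are assumptions.

```python
"""Triage the autostart (Run key) entries of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses lines
of the form  "Name"="path\to\file.exe" [YYYY-MM-DD size]  under a
[HKEY_...\Run] header and flags recent file dates. A recent date is a
triage hint for closer inspection, not a verdict about the file.
"""
import re
from datetime import date, timedelta

# Excerpt of the Run-key section copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2014-12-23 833240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2015-07-17 919872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2016-02-09 223216]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

def parse_run_entries(log_text):
    """Return (key, name, path, file_date, size) for every active Run-key entry."""
    entries, current_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        # Only keys ending in "\Run" count; ComboFix lists disabled entries under "run-".
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append((current_key, m["name"], m["path"], date.fromisoformat(m["date"]), int(m["size"])))
    return entries

def recent_entries(log_text, scan_date, window_days=30):
    """Entries whose file date lies within window_days before scan_date (ISO string)."""
    scan = date.fromisoformat(scan_date)
    cutoff = scan - timedelta(days=window_days)
    return [e for e in parse_run_entries(log_text) if cutoff <= e[3] <= scan]

if __name__ == "__main__":
    for key, name, path, d, size in recent_entries(SAMPLE_LOG, "2016-03-01"):
        print(f"RECENT {name!r} -> {path} ({d}, {size} bytes) in {key}")
```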

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infection

#12 Post by JaRon »

use the uninstaller http://www.avg.com/cz-cs/utilities AVG remover
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Re: Infection

#13 Post by lola »

It no longer found anything - no leftovers from AVG...
Otherwise the problem persists, and after startup it says that the library ...32.dll was relocated

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infection

#14 Post by JaRon »

1. quote:
• Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Tick only the option "Remove disinfection tools"
• click Run
2. clean the registry with CCleaner
3. post an FRST log
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lola
Visitor
Posts: 135
Registered: 12 Dec 2014 21:02

Re: Infection

#15 Post by lola »

this is driving me up the wall...

Avast disabled until the next restart!! and when I click the downloaded file (FRST) I get a message that it was blocked?! by what, and I can't run it...

otherwise it seems to be multiplying. after a scan with Trojan Killer it now reports 20 infected, mostly win 32gen..
