facebook

[yaya]

Dobrý den, mám zřejmě problém s virem, využívá Facebook k přeposílání zavirovaného souboru v podobě odkazu na video lidem v mých kontaktech. Předem děkuji za radu a pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Milan (administrator) on MILAN-PC (09-04-2016 20:39:29)
Running from C:\Users\Milan\Desktop
Loaded Profiles: Milan (Available Profiles: Milan)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ManyCam LLC) C:\Program Files\ManyCam\Bin\ManyCam.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
(Google, Inc) C:\Users\Milan\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
() C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1097808 2011-04-19] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2217256 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [ManyCam] => C:\Program Files\ManyCam\Bin\ManyCam.exe [5402960 2013-02-12] (ManyCam LLC)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [Google Update] => C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-25] (Google Inc.)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [Google Photos Backup] => C:\Users\Milan\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {0d4e0eb8-7961-11e2-8b43-4c72b95d85d1} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {3df0653c-5b17-11e2-82cf-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {418a0b4b-4dfb-11e2-9be2-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {418a0b50-4dfb-11e2-9be2-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {418a0c5c-4dfb-11e2-9be2-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {dc7a76c9-3297-11e2-9113-806e6f6e6963} - E:\DistinguishOS.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FastMediaConverter.lnk [2014-02-27]
ShortcutTarget: FastMediaConverter.lnk -> C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe ()
Startup: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Photosmart 5510 series.lnk [2016-03-16]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Photosmart 5510 series.lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-03-06]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.152.40.4 10.152.40.5
Tcpip\..\Interfaces\{5282BB45-29C1-469C-8978-5273D99AD7AE}: [DhcpNameServer] 10.152.40.4 10.152.40.5
Tcpip\..\Interfaces\{FAC77702-3463-4F27-B98C-9914066A9D50}: [DhcpNameServer] 62.129.50.20 85.135.32.100

Internet Explorer:
==================
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ATUSP-SAT&o=AP ... psv=&pt=tb
URLSearchHook: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3458083E8E5F5AFE&affID=121564&tsp=4966
SearchScopes: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> {738EB5A9-C49E-40D4-8CAD-EE4BABFBDC53} URL = hxxp://www.search.ask.com/web?tpid=ATUSP-SAT&o ... psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> {A022376F-74C4-438E-84F4-7BE7C08461EF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
Toolbar: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> No Name - {4D594333-0076-A76A-76A7-7A786E7484D7} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3417029144-3067851500-4194244906-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3417029144-3067851500-4194244906-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Quick Start) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjjiajgjailphijjleedaankckhimge [2016-04-07]
CHR Extension: (Skype) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [aaaaaejaghnbcjilindpkgmcmdflpgjf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aaaaapdcjfaomkafnbpoclmfakjianjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Milan\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Milan\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [25728 2009-12-24] (Google Inc)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [100864 2010-01-14] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [108032 2010-02-04] (QUALCOMM Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 20:39 - 2016-04-09 20:39 - 00016357 _____ C:\Users\Milan\Desktop\FRST.txt
2016-04-09 20:38 - 2016-04-09 20:39 - 00000000 ____D C:\FRST
2016-04-09 20:32 - 2016-04-09 20:32 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 464919.crdownload
2016-04-09 20:31 - 2016-04-09 20:31 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 195900.crdownload
2016-04-09 20:29 - 2016-04-09 20:33 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher (1).exe
2016-04-09 20:29 - 2016-04-09 20:29 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 76729.crdownload
2016-04-09 20:19 - 2016-04-09 20:19 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 278035.crdownload
2016-04-09 20:17 - 2016-04-09 20:17 - 01725440 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2016-04-07 20:44 - 2016-04-07 20:44 - 00172451 _____ C:\Users\Milan\Downloads\pravidla_souteze.pdf
2016-04-04 13:27 - 2016-04-04 13:27 - 06226574 _____ C:\Users\Milan\Desktop\Letak.pdf
2016-03-25 14:32 - 2016-03-25 14:32 - 00000000 ____D C:\Users\Milan\Desktop\jesus
2016-03-25 10:59 - 2016-03-25 11:53 - 969331902 _____ C:\Users\Milan\Downloads\Dánská-dívka-2015-cz-tit-[natu3].avi
2016-03-25 10:27 - 2016-03-25 10:40 - 224659019 _____ C:\Users\Milan\Downloads\Jesus-Christ-Superstar-Soundtrack-1973.rar
2016-03-11 17:33 - 2016-03-11 17:37 - 00024064 _____ C:\Users\Milan\Desktop\Harmonogram - jaro 2016.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 20:36 - 2013-01-02 19:40 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Skype
2016-04-09 20:01 - 2013-12-18 13:17 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2016-04-09 19:57 - 2013-01-01 19:00 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-09 19:07 - 2014-02-27 22:28 - 00000000 ____D C:\Program Files\FastMediaConverter
2016-04-09 19:01 - 2009-07-14 06:34 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-09 19:01 - 2009-07-14 06:34 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-09 09:09 - 2013-01-01 19:00 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-09 08:56 - 2015-12-25 12:15 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417029144-3067851500-4194244906-1000Core.job
2016-04-08 20:05 - 2013-01-23 14:36 - 00000000 ____D C:\Users\Milan\AppData\Roaming\vlc
2016-03-28 20:59 - 2013-01-01 19:00 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-16 18:37 - 2011-04-12 03:37 - 00669132 _____ C:\Windows\system32\perfh005.dat
2016-03-16 18:37 - 2011-04-12 03:37 - 00141760 _____ C:\Windows\system32\perfc005.dat
2016-03-16 18:37 - 2010-11-20 23:01 - 01584626 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 18:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-03-16 18:31 - 2014-01-24 16:55 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-16 18:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2012-12-27 23:28 - 2015-12-28 09:58 - 0014336 _____ () C:\Users\Milan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-04 22:17 - 2015-11-04 22:17 - 0000275 _____ () C:\Users\Milan\AppData\Local\HamsterAudioConverterSettings.cfg
2012-12-31 03:54 - 2012-12-31 03:54 - 0004096 ____H () C:\Users\Milan\AppData\Local\keyfile3.drm
2015-12-21 17:36 - 2015-12-21 17:36 - 0001503 _____ () C:\Users\Milan\AppData\Local\recently-used.xbel
2014-12-18 21:20 - 2014-12-18 21:20 - 0000000 _____ () C:\Users\Milan\AppData\Local\{C746EFD0-B104-421B-A158-BCB7E4400BC0}
2013-12-18 13:15 - 2013-12-18 13:15 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Milan\AppData\Local\Temp\APNSetup.exe
C:\Users\Milan\AppData\Local\Temp\atcMedia6811446672335.exe
C:\Users\Milan\AppData\Local\Temp\atcMedia7891446672021.exe
C:\Users\Milan\AppData\Local\Temp\CSDJavaInstaller.dll
C:\Users\Milan\AppData\Local\Temp\csvrelay32.dll
C:\Users\Milan\AppData\Local\Temp\csvrelay64.dll
C:\Users\Milan\AppData\Local\Temp\csvrjavaloader32.dll
C:\Users\Milan\AppData\Local\Temp\csvrjavaloader64.dll
C:\Users\Milan\AppData\Local\Temp\csvrxul32.dll
C:\Users\Milan\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\PIP2691_MYC_.exe
C:\Users\Milan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Milan\AppData\Local\Temp\tbBitT.dll
C:\Users\Milan\AppData\Local\Temp\tbedrs.dll
C:\Users\Milan\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Milan\AppData\Local\Temp\~83B5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417029144-3067851500-4194244906-1000Core.job => C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417029144-3067851500-4194244906-1000UA.job => C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Milan\Desktop" je 80685 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[motji]

Zdravím
Na začátek poprosím o log z Frstu
http://forum.viry.cz/viewtopic.php?f=13&t=133100

[yaya]

Log jsem vlozila do 1. prispevku. Dekuji za pomoc

[motji]

Co je jednotka G?

Já tu přes den občas nakouknu, tak Vám tu hodím celý postup, ať to máte vyčištěné dočista

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

Obnovte prohlížeče, které používáte
https://www.pcrisk.cz/jak-odstranit-spy ... cu-vychozi

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[yaya]

Dekuji moc...
vubec nevim, co by mela byt jednotka G. tady je log z cleanu
# AdwCleaner v5.109 - Log soubor vytvořen 10/04/2016 o 09:18:58
# Aktualizováno 04/04/2016 by Xplode
# Databáze : 2016-04-09.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (x86)
# Jméno uživatele : Milan - MILAN-PC
# Spuštěno z : C:\Users\Milan\Desktop\AdwCleaner.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\Program Files\Conduit
[-] Složka smazáno : C:\Program Files\FastMediaConverter
[-] Složka smazáno : C:\Program Files\VNT
[-] Složka smazáno : C:\ProgramData\apn
[-] Složka smazáno : C:\ProgramData\Babylon
[#] Složka smazáno : C:\ProgramData\Application Data\apn
[#] Složka smazáno : C:\ProgramData\Application Data\Babylon
[-] Složka smazáno : C:\Users\Milan\AppData\Local\Conduit
[-] Složka smazáno : C:\Users\Milan\AppData\Local\NativeMessaging
[-] Složka smazáno : C:\Users\Milan\AppData\Local\TBHostSupport
[-] Složka smazáno : C:\Users\Milan\AppData\Local\VNT
[-] Složka smazáno : C:\Users\Milan\AppData\Local\WhiteListing
[-] Složka smazáno : C:\Users\Milan\AppData\Local\Temp\apn
[-] Složka smazáno : C:\Users\Milan\AppData\Local\Temp\APN-Stub
[-] Složka smazáno : C:\Users\Milan\AppData\LocalLow\BitTorrentControl_v12
[-] Složka smazáno : C:\Users\Milan\AppData\LocalLow\Conduit
[-] Složka smazáno : C:\Users\Milan\AppData\Roaming\Babylon
[-] Složka smazáno : C:\Users\Milan\AppData\Roaming\FastMediaConverter
[-] Složka smazáno : C:\Users\Milan\AppData\Roaming\OpenCandy
[-] Složka smazáno : C:\Users\Milan\Desktop\ppt

***** [ Soubory ] *****

[-] Soubor smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FastMediaConverter.lnk
[-] Soubor smazáno : C:\Windows\system32\roboot.exe

***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
[-] Klávesa smazáno : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
[-] Klávesa smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
[-] Klávesa smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaejaghnbcjilindpkgmcmdflpgjf
[-] Klávesa smazáno : HKCU\Software\Classes\pokki
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Prod.cap
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
[-] Hodnota smazáno : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
[-] Klávesa smazáno : HKCU\Software\Conduit
[-] Klávesa smazáno : HKCU\Software\Cr_Installer
[-] Klávesa smazáno : HKCU\Software\DownLite
[-] Klávesa smazáno : HKCU\Software\powerpack
[-] Klávesa smazáno : HKCU\Software\VNT
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\Crossrider
[-] Klávesa smazáno : HKLM\SOFTWARE\Conduit
[-] Klávesa smazáno : HKLM\SOFTWARE\hosts
[-] Klávesa smazáno : HKLM\SOFTWARE\PIP
[-] Klávesa smazáno : HKLM\SOFTWARE\Speedchecker Limited
[-] Klávesa smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\AskPartnerNetwork
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Obnoveno : HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{738EB5A9-C49E-40D4-8CAD-EE4BABFBDC53}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A022376F-74C4-438E-84F4-7BE7C08461EF}

***** [ Webové prohlížeče ] *****

[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : aaaaaejaghnbcjilindpkgmcmdflpgjf
[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : aaaaahaeginbdcckocjkhbciadcafnep
[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : aaaamlnbcjjkcgabjgbhdkjncianpaah
[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] smazáno : hxxp://www.search.ask.com/?p2=%5EAKH%5EYYYYYY% ... 03-26&psv=

*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5448 bytes] - [10/04/2016 09:18:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [7203 bytes] - [10/04/2016 09:16:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5594 bytes] ##########

[yaya]

a jeste vysledky ze zoek.Budu se tesit na rozlusteni problemu.


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Milan on ne 10.04.2016 at 9:34:03,77.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Milan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.4.2016 9:36:10 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Dialup For Android Handset deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\paint.net deleted successfully
C:\Users\Milan\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Milan\AppData\Roaming\Opera Software deleted successfully
C:\Users\Milan\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Milan\AppData\Local\EmieSiteList deleted successfully
C:\Users\Milan\AppData\Local\EmieUserList deleted successfully
C:\Users\Milan\AppData\Local\GHISLER deleted successfully
C:\Users\Milan\AppData\Local\Opera Software deleted successfully
C:\Users\Milan\AppData\Local\Skype deleted successfully
C:\Users\Milan\AppData\Local\TB deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4D594333-0076-A76A-76A7-7A786E7484D7} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Dialup For Android Handset not found
C:\Program Files\paint.net not found
C:\Users\Milan\AppData\Local\paint.net deleted
C:\Windows\system32\Tasks\HP Photo Creations Messager deleted
C:\Windows\tasks\HP Photo Creations Messager.job deleted
C:\Users\Milan\AppData\LocalLow\TB deleted
C:\Users\Public\Desktop\WinX YouTube Downloader.lnk deleted
"C:\Users\Milan\AppData\Local\{C746EFD0-B104-421B-A158-BCB7E4400BC0}" deleted

==== Orphaned Tasks deleted from Registry ======================

Software Removal Tool post reboot run deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaapdcjfaomkafnbpoclmfakjianjd - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08.01.2016 11:47]

Quick Start - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjjiajgjailphijjleedaankckhimge
Skype - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF596e221.TMP will be reset at reboot
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\Desktop\toshiba_muj_stary_milenec\\rathead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\Desktop\toshiba_muj_stary_milenec\\rathead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Milan\Desktop\toshiba_muj_stary_milenec\\rathead\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02ODC7LA will be deleted at reboot
C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6FHMQKB will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=260 folders=8 5271142 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Milan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Milan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF596e221.TMP" not found
"C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02ODC7LA" not found
"C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6FHMQKB" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ne 10.04.2016 at 9:51:17,46 ======================

[motji]

Ještě si změňte heslo na FCB. pak se podívejte na nastavení - aplikace, pokud je tam nějaká, kterou neznáte, odstraňte ji.

A ještě udělejte mbam, nic nemažte, log vložte zde.
http://forum.viry.cz/viewtopic.php?f=29&t=144868


Nevím, zda byl vir pouze jako aplikace na FCB, nebo i zažraný v prohlížeči, ale kroky co jsme udělaly, by měli pomoci:)

[yaya]

Dobre odpoledne,
provedla jsem vse podle navodu, ale log mi to nenabidlo ulozit, takze po restartu ho asi nikde nemam no, jsem uplny amater. Omlouvam se. A hlavne-dekuji! Jak se mohu revanzovat?
Bylo tam jeste 6 detekovanych veci, ale v cem a kde, to se nepamatuji.

[motji]

Když otevřete mbam, někde nahoře je záložka logy, nabídne to uložení, většinou v dokumentech.
jak to ted vypadá s FCB?

K těm fleškám, G a E,nebo to mohou být třeba CD nebo externí disk, nevzpomenete si?

[yaya]

Tak jsem nejakym pro mne zahadnym zpusobem udelala export dvou logu do .txt. Snad to je ono:) E: je CD, tak G by mel bylo byt nektere usb. Ale krome flash disku tak myslim nebylo nic pripojeno. Na Facebooku zatim nikdo z pratel nehlasi, ze mu neco nevhodneho posilam...


Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malware Protection, Starting,
Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malware Protection, Started,
Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Remediation Database, 2016.2.12.1, 2016.4.5.1,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.4.9.1,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Domain Database, 2016.2.16.8, 2016.4.10.2,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, IP Database, 2016.2.8.1, 2016.4.7.1,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Malware Database, 2016.2.16.6, 2016.4.10.1,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Refresh, Starting,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Refresh, Success,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,
Update, 10.4.2016 13:06, SYSTEM, MILAN-PC, Scheduler, Malware Database, 2016.4.10.1, 2016.4.10.2,
Protection, 10.4.2016 13:06, SYSTEM, MILAN-PC, Protection, Refresh, Starting,
Protection, 10.4.2016 13:06, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.4.2016 13:06, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.4.2016 13:07, SYSTEM, MILAN-PC, Protection, Refresh, Success,
Protection, 10.4.2016 13:07, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 13:07, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,
Scan, 10.4.2016 13:50, SYSTEM, MILAN-PC, Manual, Začátek: 10.4.2016 12:21, Doba trvání: 1 hod 28 min 22 s, Vlastní sken, Dokončeno, Detekce malwaru 0, Detekce jiných hrozeb 6,
Protection, 10.4.2016 13:51, SYSTEM, MILAN-PC, Protection, Malware Protection, Starting,
Protection, 10.4.2016 13:51, SYSTEM, MILAN-PC, Protection, Malware Protection, Started,
Protection, 10.4.2016 13:51, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 13:52, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 10.4.2016
Čas skenování: 12:21
Protokol: malware log 2.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.04.10.01
Databáze rootkitů: v2016.04.09.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Milan

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 464241
Uplynulý čas: 1 hod, 28 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BitTorrent, Do karantény, [48e17c31e9b0c67043883aeab94c738d],
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Do karantény, [3eeb723bd4c5211539a3f33f2ada07f9],
PUP.Optional.BitTorrentControl, HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\SOFTWARE\APPDATALOW\SOFTWARE\BitTorrentControl_v12, Do karantény, [2ffa3974d9c065d1b73f937a3bc9f808],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
PUP.Optional.Babylon, C:\AdwCleaner\FileQuarantine\C\Users\Milan\AppData\Roaming\OpenCandy\0DBE7D06901143C99E608041294F7B52\DeltaTB.exe.vir, Do karantény, [d950edc01e7b2c0a2e6e75d4dd243bc5],
PUP.Optional.Conduit, C:\Program Files\BitTorrent\BitTorrent.exe, Do karantény, [48e17c31e9b0c67043883aeab94c738d],
PUP.Optional.CrossRider, C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0.localstorage-journal, Do karantény, [8d9cebc20b8ec1759009c2554cb88977],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[motji]

JJ, je to ono
Já bych to uzavřela, a kdyby se náhodou vir ukázal, napište

[yaya]

Moooc dekuji!

[motji]

Není zač