stále se oevírá http://kb-ribaki.org/

[saffer]

Dobrý den,

mám stejný problém jako tu měl i jiný uživatel, stále se mi automaticky po spuštění otevírá stránka http://kb-ribaki.org/ , když je prohlížeč zavřený, tak se pokouší znova spouštět po určitých cyklech. Taky jsem blokoval stránku ESETem, ale víc se mi nepodařilo, ani dle některých návodů na netu. (viz. registry, msconfig...atd. ale znovu se sám objeví).

Prosím o odpověď

Honza

.....zde můj log z FRST



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by saffer (administrator) on SAFFER-PC (28-12-2016 17:48:04)
Running from C:\Users\saffer\Desktop
Loaded Profiles: saffer (Available Profiles: saffer)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\Run: [saffer] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3278232 2011-03-10] (Tonec Inc.)
HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\MountPoints2: {ef0afbb7-8c89-11e4-b904-4c72b9fe1c64} - G:\INTRO.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2011-03-02] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23E4BB1B-4E59-4B2A-A577-1A4F1FC0FF74}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: IDMIEHlprObj Class -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2011-03-10] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: IDMIEHlprObj Class -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2011-03-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)

FireFox:
========
FF DefaultProfile: iivwsof9.default
FF ProfilePath: C:\Users\saffer\AppData\Roaming\Mozilla\Firefox\Profiles\iivwsof9.default [2016-12-27]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: (PDF Architect 2 Creator) - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-21] [not signed]
FF HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\saffer\AppData\Roaming\IDM\idmmzcc3
FF Extension: (IDM CC) - C:\Users\saffer\AppData\Roaming\IDM\idmmzcc3 [2014-12-25] [not signed]
FF HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\saffer\AppData\Roaming\IDM\idmmzcc3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-02] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Prezentace Google) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Dokumenty Google) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Disk Google) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2016-12-11]
CHR Extension: (Tabulky Google) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-10]
CHR Profile: C:\Users\saffer\AppData\Local\Google\Chrome\User Data\Guest Profile [2014-12-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-12-26] (Autodesk)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-01-11] (SafeNet Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-01-14] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303368 2013-03-05] (SafeNet Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R2 multikey; C:\Windows\System32\DRIVERS\multikey.sys [67584 2015-04-27] (Chingachguk & Denger2k (Elite & SP edition))
S2 NSHE; C:\Windows\SysWOW64\Drivers\NSHE.SYS [98816 2013-05-23] (T0r0 2008) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2014-12-26] () [File not signed]
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
U3 ae3qln21; C:\Windows\System32\Drivers\ae3qln21.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ah9medoo; C:\Windows\System32\Drivers\ah9medoo.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 21:57 - 2016-12-28 17:48 - 00015882 _____ C:\Users\saffer\Desktop\FRST.txt
2016-12-27 21:57 - 2016-12-27 21:59 - 00000000 ____D C:\FRST
2016-12-27 21:55 - 2016-12-27 21:55 - 00112640 _____ (forum.viry.cz) C:\Users\saffer\Desktop\FRSTLauncher.exe
2016-12-27 21:45 - 2016-12-27 21:45 - 02420736 _____ (Farbar) C:\Users\saffer\Desktop\FRST64.exe
2016-12-27 21:43 - 2016-12-27 21:43 - 00003626 _____ C:\Users\saffer\Desktop\fixlist.txt
2016-12-27 21:42 - 2012-08-10 16:40 - 02213776 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2016-12-27 20:30 - 2016-12-27 20:30 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-27 20:30 - 2016-12-27 20:30 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-12-27 20:30 - 2016-12-27 20:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-27 20:30 - 2016-12-27 20:30 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-27 20:29 - 2016-12-28 17:22 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-27 20:29 - 2016-12-27 20:29 - 06334848 _____ (AVAST Software) C:\Users\saffer\Downloads\avast_free_antivirus_setup_online.exe
2016-12-18 19:07 - 2016-12-18 19:07 - 00144780 _____ C:\Users\saffer\Downloads\09EB41D8F0B210C3C7475088ADAEE9B38E292D07.torrent
2016-12-18 17:38 - 2016-12-18 17:38 - 00000000 ____D C:\Users\saffer\AppData\Local\ElevatedDiagnostics
2016-12-17 16:46 - 2016-12-17 16:46 - 00039061 _____ C:\Users\saffer\Downloads\The.Grand.Tour.S01E05.720p.WEBRip.X264-DEFLATE[ettv].torrent
2016-12-14 14:50 - 2016-12-14 14:50 - 00131072 _____ C:\Users\saffer\Downloads\Rozpočet_RD-dřevostavba_Banka.xls
2016-12-11 00:08 - 2016-12-11 00:08 - 00000000 ____D C:\Users\saffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2016-12-11 00:05 - 2016-12-11 00:05 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-12-10 23:06 - 2016-12-10 23:06 - 00010153 _____ C:\Users\saffer\Downloads\The.Grand.Tour.S01E04.WEBRip.X264-DEFLATE[ettv].torrent
2016-12-10 22:39 - 2016-12-10 22:39 - 00020730 _____ C:\Users\saffer\Downloads\[SkT]The_Grand_Tour_S01E04_-_Enviro-mental_(2016)[WebRip][720p]_=_CSFD_93%.torrent
2016-12-10 21:31 - 2016-12-10 21:31 - 00000000 ____D C:\Users\saffer\AppData\Roaming\ESET
2016-12-09 11:44 - 2016-12-09 11:44 - 09721153 _____ C:\Users\saffer\Downloads\RD_Zavisice_pudorys_prizemi_09122016.pdf.zip
2016-12-09 11:00 - 2016-12-09 11:00 - 00272384 _____ C:\Users\saffer\Downloads\odhadci_nemovitosti_1_3_2016__SÍŤ.xls
2016-12-09 10:26 - 2016-12-09 10:34 - 00000000 ____D C:\Users\saffer\Downloads\new_pudorys
2016-12-09 10:26 - 2016-12-09 10:26 - 08642061 _____ C:\Users\saffer\Downloads\new_pudorys.rar
2016-12-09 10:26 - 2016-12-09 10:26 - 02031593 _____ C:\Users\saffer\Downloads\základy_dřevo_Lašák_dle_statika.rar
2016-12-09 10:21 - 2016-12-09 10:21 - 00300145 _____ C:\Users\saffer\Downloads\00116_DSP_10_SCHEMATICKÉ_ROZVODY_VNITŘNÍ_KANALIZACE_160101.pdf
2016-12-06 22:52 - 2016-12-06 22:52 - 00041033 _____ C:\Users\saffer\Downloads\mKonto_nr_5877_____za_2016-11.htm
2016-12-06 22:48 - 2016-12-06 22:48 - 00541340 _____ C:\Users\saffer\Downloads\eZenit_1601.pdf
2016-12-06 22:47 - 2016-12-06 22:47 - 00274574 _____ C:\Users\saffer\Downloads\DPS_Smlouva.pdf
2016-12-06 22:47 - 2016-12-06 22:47 - 00186225 _____ C:\Users\saffer\Downloads\Jak_pokracovat_pro_sjednani_smlouvy (1).pdf
2016-12-06 22:44 - 2016-12-06 22:44 - 00186225 _____ C:\Users\saffer\Downloads\Jak_pokracovat_pro_sjednani_smlouvy.pdf
2016-12-05 20:23 - 2016-12-05 20:23 - 00009040 _____ C:\Users\saffer\Downloads\Sešit1.xlsx
2016-12-04 18:50 - 2016-12-04 18:50 - 00027136 _____ C:\Users\saffer\Downloads\odhadci-nemovitosti (1).xls
2016-11-29 10:34 - 2016-11-29 10:34 - 00018748 ____H C:\Users\saffer\Downloads\The.Big.Bang.Theory.S10E09.The-Geology-Elevation-hdtv-lol.MKV.mta

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-28 17:29 - 2011-04-12 09:34 - 00668376 _____ C:\Windows\system32\perfh005.dat
2016-12-28 17:29 - 2011-04-12 09:34 - 00141004 _____ C:\Windows\system32\perfc005.dat
2016-12-28 17:29 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 17:29 - 2009-07-14 05:45 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:29 - 2009-07-14 05:45 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-28 17:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-28 17:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-27 22:39 - 2014-12-25 23:50 - 00000000 ____D C:\Users\saffer\AppData\Roaming\DMCache
2016-12-27 21:41 - 2015-05-10 10:05 - 00000000 ____D C:\Program Files\Rockstar Games
2016-12-27 19:56 - 2014-12-25 23:50 - 00000000 ____D C:\Users\saffer\Downloads\Compressed
2016-12-27 19:56 - 2014-12-25 23:30 - 00000000 ____D C:\Users\saffer\AppData\Roaming\vlc
2016-12-27 19:55 - 2015-04-02 19:21 - 00000000 ____D C:\Users\saffer\AppData\Roaming\uTorrent
2016-12-23 08:54 - 2015-01-21 22:21 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421875301
2016-12-23 08:54 - 2015-01-21 22:21 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-18 18:29 - 2016-10-24 15:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-17 13:00 - 2014-12-25 23:02 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 13:00 - 2014-12-25 23:02 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-10 22:51 - 2015-07-05 17:13 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-12-10 22:43 - 2014-12-25 23:02 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 10:39 - 2016-06-02 21:10 - 00000000 ____D C:\Users\saffer\Desktop\osazeni + zaklady

==================== Files in the root of some directories =======

2016-01-25 19:06 - 2016-09-03 08:56 - 0007604 _____ () C:\Users\saffer\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2016-09-17 19:24

==================== End of FRST.txt ============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[saffer]

log z adwcleaneru.....po scanu

# AdwCleaner v6.041 - Log vytvořen 28/12/2016 v 22:55:03
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-26.3 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : saffer - SAFFER-PC
# Spuštěno z : C:\Users\saffer\Desktop\adwcleaner_6.041.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1235 Bajty] - [28/12/2016 22:55:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1308 Bajty] ##########

[Rudy]

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\Run: [saffer] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\MountPoints2: {ef0afbb7-8c89-11e4-b904-4c72b9fe1c64} - G:\INTRO.EXE
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 ae3qln21; C:\Windows\System32\Drivers\ae3qln21.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ah9medoo; C:\Windows\System32\Drivers\ah9medoo.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U0 aswVmm; no ImagePath
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {BB6ED5A6-2269-4A0E-B2D2-C3D5E3C711A4} - System32\Tasks\saffer => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v saffer /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[saffer]

fixlog po restartu.....a také se po restartu stránka nespustila


Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by saffer (30-12-2016 18:30:04) Run:3
Running from C:\Users\saffer\Desktop
Loaded Profiles: saffer (Available Profiles: saffer)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\Run: [saffer] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\...\MountPoints2: {ef0afbb7-8c89-11e4-b904-4c72b9fe1c64} - G:\INTRO.EXE
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 ae3qln21; C:\Windows\System32\Drivers\ae3qln21.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ah9medoo; C:\Windows\System32\Drivers\ah9medoo.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U0 aswVmm; no ImagePath
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {BB6ED5A6-2269-4A0E-B2D2-C3D5E3C711A4} - System32\Tasks\saffer => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v saffer /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

EmptyTemp:
End
*****************

HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\Software\Microsoft\Windows\CurrentVersion\Run\\saffer => value removed successfully
"HKU\S-1-5-21-3295402343-2730480685-2442698797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef0afbb7-8c89-11e4-b904-4c72b9fe1c64}" => key removed successfully
HKCR\CLSID\{ef0afbb7-8c89-11e4-b904-4c72b9fe1c64} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
ae3qln21 => service not found.
ah9medoo => service not found.
aswVmm => service removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BB6ED5A6-2269-4A0E-B2D2-C3D5E3C711A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB6ED5A6-2269-4A0E-B2D2-C3D5E3C711A4}" => key removed successfully
C:\Windows\System32\Tasks\saffer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\saffer" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80974957 B
Java, Flash, Steam htmlcache => 50909705 B
Windows/system/drivers => -6614184 B
Edge => 0 B
Chrome => 367081844 B
Firefox => 372291152 B
Opera => 12556777 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 67464 B
saffer => 327908966 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:30:14 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[saffer]

Na výbornou pane Děkuji moc, jste borec

[Rudy]

Rádo se stalo!