Page 2 of 2

Re: JS/Kryptik.I - Trojan horse

Posted: 06 May 2015 19:39
by Xipco_CZ
New log from FRST
____________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by radek (administrator) on TECHNOLOGIE on 06-05-2015 20:23:37
Running from C:\Documents and Settings\radek\Plocha
Loaded Profiles: radek (Available profiles: radek)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(ScanSoft, Inc.) C:\Program Files\Canon\OmniPageSE2.0\opwareSE2.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
() C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OpwareSE2] => C:\Program Files\Canon\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1106297 2006-04-07] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1827640 2006-04-07] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [126976 2006-04-07] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-11-02] (ATI Technologies Inc.)
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [OEXPRESS] => C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE [26624 2007-12-13] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2012-09-08]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\radek\Nabídka Start\Programy\Po spuštění\Neutron.lnk [2013-08-15]
ShortcutTarget: Neutron.lnk -> C:\Program Files\Neutron\Neutron.exe (http://keir.net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
BHO: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
Toolbar: HKU\S-1-5-21-1060284298-746137067-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 7099610278
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.143.126.9 10.143.128.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1060284298-746137067-839522115-1003: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Extension: Zoom It - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{3c5a96d9-6c5c-896c-61a1-84493a1b57c4} [2015-05-06]
FF Extension: Flash and Video Download - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-04-23]
FF Extension: ODF Viewer - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\uriloader@webodf.js.xpi [2014-01-15]
FF Extension: Web2PDF converter - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2014-01-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [204800 2006-04-07] (Acronis) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-11-01] () [File not signed]
S3 EHttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe [33992 2015-02-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1566424 2015-02-16] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe [165064 2015-02-16] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [188832 2015-02-02] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135760 2015-02-02] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118256 2015-02-02] (ESET)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 s0016mgmt; C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\WINDOWS\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SE31bus; C:\WINDOWS\System32\DRIVERS\SE31bus.sys [61600 2006-05-01] (MCCI) [File not signed]
S3 SE31mdfl; C:\WINDOWS\System32\DRIVERS\SE31mdfl.sys [9360 2006-05-01] (MCCI) [File not signed]
S3 SE31mdm; C:\WINDOWS\System32\DRIVERS\SE31mdm.sys [97184 2006-05-01] (MCCI) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2007-12-13] (Acronis) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2007-12-13] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2007-12-13] (Acronis) [File not signed]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S4 IntelIde; No ImagePath
S3 s0016bus; system32\DRIVERS\s0016bus.sys [X]
S3 s0016mdfl; system32\DRIVERS\s0016mdfl.sys [X]
S3 s0016mdm; system32\DRIVERS\s0016mdm.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 20:22 - 2015-05-06 20:22 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\FRST-OlderVersion
2015-05-06 19:33 - 2015-05-06 20:22 - 01141248 _____ (Farbar) C:\Documents and Settings\radek\Plocha\FRST.exe
2015-05-06 15:25 - 2015-05-06 15:25 - 00011428 _____ () C:\ComboFix.txt
2015-05-06 14:06 - 2015-05-06 14:08 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\6000010548
2015-05-06 14:03 - 2015-05-06 14:05 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\4500285623
2015-05-06 13:56 - 2015-05-04 18:37 - 05619691 ____R (Swearware) C:\Documents and Settings\radek\Plocha\ComboFix.exe
2015-05-06 06:59 - 2015-05-06 07:01 - 00000000 ____D () C:\AdwCleaner
2015-05-06 06:56 - 2015-05-04 18:46 - 02204160 _____ () C:\Documents and Settings\radek\Plocha\adwcleaner_4.203.exe
2015-05-05 14:18 - 2015-05-04 18:41 - 21546080 _____ (Malwarebytes Corporation ) C:\Documents and Settings\radek\Plocha\mbam-setup-2.1.6.1022.exe
2015-05-05 14:18 - 2015-05-04 17:31 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\radek\Plocha\rkill.com
2015-05-05 13:50 - 2015-05-05 13:50 - 00009634 _____ () C:\Documents and Settings\radek\Plocha\Addition.zip
2015-05-05 13:44 - 2015-05-06 20:23 - 00012642 _____ () C:\Documents and Settings\radek\Plocha\FRST.txt
2015-05-05 13:44 - 2015-05-05 13:45 - 00053381 _____ () C:\Documents and Settings\radek\Plocha\Addition.txt
2015-05-05 13:41 - 2015-05-06 20:23 - 00000000 ____D () C:\FRST
2015-05-04 14:45 - 2015-05-06 15:20 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-05-04 14:45 - 2015-05-04 14:45 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-05-04 14:40 - 2015-05-04 14:40 - 00000000 _RSHD () C:\cmdcons
2015-05-04 14:40 - 2007-12-12 14:12 - 00000211 _____ () C:\Boot.bak
2015-05-04 14:40 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2015-05-04 14:38 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-04 14:38 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-04 14:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-04 14:38 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-04 14:35 - 2015-05-06 15:25 - 00000000 ____D () C:\Qoobox
2015-05-04 14:34 - 2015-05-06 15:19 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-04 14:28 - 2015-05-04 14:28 - 00509844 _____ () C:\WINDOWS\system32\prfh0405.dat
2015-05-04 14:28 - 2015-05-04 14:28 - 00106700 _____ () C:\WINDOWS\system32\prfc0405.dat
2015-05-04 13:56 - 2015-05-04 13:56 - 101924344 _____ () C:\Documents and Settings\radek\Dokumenty\01.reg
2015-05-04 09:58 - 2015-05-04 09:58 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\Enigma Software Group
2015-05-04 09:57 - 2015-05-04 09:57 - 00000930 _____ () C:\WINDOWS\setupapi.log
2015-04-30 16:11 - 2015-05-06 20:18 - 00013851 _____ () C:\WINDOWS\wmsetup.log
2015-04-30 16:10 - 2015-04-30 16:10 - 00124520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-30 13:01 - 2015-04-30 14:13 - 00000000 _____ () C:\Documents and Settings\radek\TempWmicBatchFile.bat
2015-04-30 10:47 - 2015-04-30 10:47 - 00000476 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-04-30 08:58 - 2015-04-30 08:58 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\Software Tool
2015-04-30 08:27 - 2015-04-30 08:27 - 00000000 ___RD () C:\Documents and Settings\LocalService\Oblíbené položky
2015-04-30 08:20 - 2015-04-30 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\ShopperPro
2015-04-30 08:19 - 2015-04-30 12:56 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-28 09:44 - 2015-04-28 09:45 - 00011444 _____ () C:\Documents and Settings\radek\Plocha\dum_Sablik.ods
2015-04-24 10:36 - 2015-04-24 10:36 - 00013763 _____ () C:\Documents and Settings\radek\Dokumenty\RE_ poptavka číslo_ 2015_0050_VNU.eml
2015-04-17 13:46 - 2015-04-17 13:46 - 00000000 ____D () C:\Program Files\ESET
2015-04-17 13:46 - 2015-04-17 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
2015-04-17 13:46 - 2015-04-17 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ESET
2015-04-16 07:34 - 2015-04-16 07:34 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-15 13:18 - 2015-04-23 09:49 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\6000010406
2015-04-14 06:42 - 2015-04-21 08:15 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\6000010386

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 20:23 - 2007-12-12 14:28 - 00000000 ____D () C:\Documents and Settings\radek\Plocha
2015-05-06 20:18 - 2014-03-20 07:22 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-05-06 20:18 - 2007-08-02 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-06 19:59 - 2007-12-12 14:22 - 02003342 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-06 19:51 - 2007-12-12 15:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-06 19:51 - 2007-12-12 15:05 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-06 19:51 - 2007-12-12 14:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-06 19:50 - 2007-12-12 14:28 - 00000178 ___SH () C:\Documents and Settings\radek\ntuser.ini
2015-05-06 19:50 - 2007-12-12 14:25 - 00032472 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-06 19:34 - 2012-10-19 07:33 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-06 15:22 - 2007-08-02 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-06 15:20 - 2007-12-12 15:02 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-05-06 15:20 - 2007-12-12 15:02 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-05-06 15:20 - 2007-12-12 15:01 - 26624000 _____ () C:\WINDOWS\system32\config\software.bak
2015-05-06 15:20 - 2007-12-12 15:01 - 05242880 _____ () C:\WINDOWS\system32\config\system.bak
2015-05-06 15:20 - 2007-12-12 15:01 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2015-05-06 15:14 - 2007-12-12 14:28 - 00000000 __RHD () C:\Documents and Settings\radek\Data aplikací
2015-05-06 15:09 - 2010-08-03 07:03 - 00010453 _____ () C:\Documents and Settings\radek\Plocha\Impulsovi.txt
2015-05-06 14:55 - 2007-12-13 08:03 - 00000419 _____ () C:\WINDOWS\hpbafd.ini
2015-05-06 14:55 - 2007-12-12 14:28 - 00000000 ____D () C:\Documents and Settings\radek
2015-05-06 07:58 - 2007-12-12 14:25 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-05-05 12:34 - 2007-12-12 14:28 - 00000000 ___RD () C:\Documents and Settings\radek\Dokumenty
2015-05-05 11:08 - 2015-03-17 14:24 - 00000000 ____D () C:\Program Files\PowerISO
2015-05-05 11:07 - 2012-09-09 11:18 - 00000000 _____ () C:\WINDOWS\XXLGSC
2015-05-05 06:48 - 2007-12-12 15:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-05-04 14:40 - 2007-12-12 15:01 - 00000327 __RSH () C:\boot.ini
2015-05-04 10:04 - 2007-12-12 14:28 - 00001605 _____ () C:\Documents and Settings\radek\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-05-04 10:03 - 2007-12-12 14:23 - 00001605 _____ () C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-04-30 16:40 - 2012-11-30 15:49 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\vlc
2015-04-30 14:13 - 2007-12-12 15:02 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-04-30 12:40 - 2007-08-02 14:00 - 00000653 _____ () C:\WINDOWS\win.ini
2015-04-30 08:27 - 2007-12-12 14:25 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-30 08:20 - 2007-12-12 15:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2015-04-23 09:47 - 2007-12-12 15:02 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-04-23 08:01 - 2012-10-08 12:40 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-16 07:34 - 2012-09-08 17:24 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-16 07:34 - 2012-09-08 17:24 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-15 06:45 - 2013-08-14 08:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 06:41 - 2007-12-13 07:26 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-08 17:22 - 2014-03-20 07:22 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

==================== Files in the root of some directories =======

2014-04-30 04:03 - 2014-04-30 04:03 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2013-06-24 13:36 - 2013-10-03 08:02 - 0005120 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-06 20:22 - 2015-05-06 20:22 - 0029696 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\MSGBOX.EXE
2007-12-13 13:25 - 2013-05-21 09:10 - 0000600 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\PUTTY.RND

Files to move or delete:
====================
C:\Documents and Settings\radek\TempWmicBatchFile.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
____________________

I am also attaching Addition.

Re: JS/Kryptik.I - Trojan horse

Posted: 06 May 2015 19:58
by altrok
  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply

Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    File: C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin HKU\S-1-5-21-1060284298-746137067-839522115-1003: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    FF Extension: Zoom It - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{3c5a96d9-6c5c-896c-61a1-84493a1b57c4} [2015-05-06]
    
    S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
    S4 IntelIde; No ImagePath
    S3 s0016bus; system32\DRIVERS\s0016bus.sys [X]
    S3 s0016mdfl; system32\DRIVERS\s0016mdfl.sys [X]
    S3 s0016mdm; system32\DRIVERS\s0016mdm.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    
    2015-05-04 09:58 - 2015-05-04 09:58 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\Enigma Software Group
    2015-04-30 08:20 - 2015-04-30 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\ShopperPro
    2015-05-06 20:22 - 2015-05-06 20:22 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\FRST-OlderVersion
    2015-05-06 06:59 - 2015-05-06 07:01 - 00000000 ____D () C:\AdwCleaner
    2015-05-06 06:56 - 2015-05-04 18:46 - 02204160 _____ () C:\Documents and Settings\radek\Plocha\adwcleaner_4.203.exe
    2015-04-23 08:01 - 2012-10-08 12:40 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
    AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:BF3D62E7
    
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    C:\Documents and Settings\radek\Temp
    End
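The triage the helper did by hand above (pick out the lines FRST marks with ATTENTION, the services whose binaries are gone, the empty search scopes and the plugin entry with no file, ask about the unexplained hex-named file in system32, then wrap everything in a Start/End fixlist) can be mechanised. The Python script below is an added example; it is not part of the thread and not FRST's own code. The regular expressions and the heuristic categories are my own assumptions about the log format, and the sample input is a handful of lines copied from the log posted above plus two benign signed entries that must not be flagged. FRST accepts log lines pasted back verbatim into a fixlist, which is why most candidates are emitted unchanged; the `File:` directive only asks FRST to report hash and metadata, exactly as the fixlog later does, rather than to delete anything.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log and draft fixlist lines.

Added example: not code from the forum thread, from FRST, or from its author.
It mechanises the heuristics the helper applied by hand:
  * lines FRST itself flags with '<======= ATTENTION' (policy restrictions)
  * services/drivers whose binary is gone ('[X]') or that have 'No ImagePath'
  * empty IE search scopes ('URL =') and Firefox plugins marked 'No File'
  * extension-less files with a 32-hex-digit name directly under system32,
    which get a 'File:' directive so FRST reports hash and metadata first
  * (review only, never auto-fixed) binaries whose company field is empty,
    shown by FRST as '()', that live inside a user profile on Windows XP
The regexes are assumptions about the log format; every hit is a candidate
for a human to review, not a verdict.
"""
import re

ATTENTION = "<======= ATTENTION"

# Service/driver lines look like: "S3 catchme; \??\C:\ComboFix\catchme.sys [X]"
ORPHAN_SERVICE_RE = re.compile(r"^[RSU]\d+ [^;]+; .*(\[X\]|No ImagePath)\s*$")

# 32 hex digits, no extension, directly under system32.
HEX_NAMED_FILE_RE = re.compile(r"(?P<path>C:\\WINDOWS\\system32\\[0-9A-Fa-f]{32})\s*$")

# Empty '()' company field followed by a path inside a per-user profile.
# 'All Users' is the shared profile, so it is excluded from this heuristic.
UNSIGNED_IN_PROFILE_RE = re.compile(
    r"\(\) (?P<path>C:\\Documents and Settings\\(?!All Users\\)[^\\]+\\.+\.(?:exe|dll))$",
    re.IGNORECASE,
)


def classify(line: str):
    """Return (fixlist_line, reason), (None, review_note) or None for benign lines."""
    s = line.rstrip()
    if ATTENTION in s:
        return s, "FRST-flagged policy restriction"
    if ORPHAN_SERVICE_RE.match(s):
        return s, "service/driver whose binary is missing"
    if s.startswith("SearchScopes:") and s.endswith("URL ="):
        return s, "empty search scope"
    if s.startswith("FF Plugin") and s.endswith("No File"):
        return s, "plugin entry whose file is gone"
    m = HEX_NAMED_FILE_RE.search(s)
    if m:
        return f"File: {m.group('path')}", "unexplained hex-named file in system32"
    m = UNSIGNED_IN_PROFILE_RE.search(s)
    if m:
        return None, f"review: binary with no company name in user profile: {m.group('path')}"
    return None


def triage(log_text: str):
    """Split a log into fixlist candidates and review-only notes (in log order)."""
    fix, review = [], []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        fix_line, reason = hit
        if fix_line is None:
            review.append(reason)
        elif fix_line not in fix:  # each directive once, as in the fixlist above
            fix.append(fix_line)
    return fix, review


def build_fixlist(fix_lines):
    """Wrap candidates in the Start/End frame FRST expects, as in the thread."""
    return "\n".join(["Start", "CloseProcesses:", "CreateRestorePoint:", *fix_lines, "End"])


# Sample input: lines copied from the FRST log posted above, plus two benign
# signed entries (Microsoft and ESET) that must NOT be flagged.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-1060284298-746137067-839522115-1003: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1566424 2015-02-16] (ESET)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
2015-04-30 08:19 - 2015-04-30 12:56 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
"""

if __name__ == "__main__":
    fix_lines, review_notes = triage(SAMPLE_LOG)
    print(build_fixlist(fix_lines))
    for note in review_notes:
        print("#", note)
```

Treat the output as a draft. The review list (here the LangSoft translator under the user's AppData) is deliberately kept out of the fixlist: an empty company field says nothing about intent on its own, and every fixlist still needs a human decision before it is run, since FRST will move or delete whatever it is told to.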

Re: JS/Kryptik.I - Trojan horse

Posted: 07 May 2015 10:01
by Xipco_CZ
Here is the fixlog
__________________________________________________________________________

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by radek at 2015-05-07 10:55:21 Run:1
Running from C:\Documents and Settings\radek\Plocha
Loaded Profiles: radek (Available profiles: radek)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
File: C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-1060284298-746137067-839522115-1003: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Extension: Zoom It - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{3c5a96d9-6c5c-896c-61a1-84493a1b57c4} [2015-05-06]

S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S4 IntelIde; No ImagePath
S3 s0016bus; system32\DRIVERS\s0016bus.sys [X]
S3 s0016mdfl; system32\DRIVERS\s0016mdfl.sys [X]
S3 s0016mdm; system32\DRIVERS\s0016mdm.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

2015-05-04 09:58 - 2015-05-04 09:58 - 00000000 ____D () C:\Documents and Settings\radek\Data aplikací\Enigma Software Group
2015-04-30 08:20 - 2015-04-30 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\ShopperPro
2015-05-06 20:22 - 2015-05-06 20:22 - 00000000 ____D () C:\Documents and Settings\radek\Plocha\FRST-OlderVersion
2015-05-06 06:59 - 2015-05-06 07:01 - 00000000 ____D () C:\AdwCleaner
2015-05-06 06:56 - 2015-05-04 18:46 - 02204160 _____ () C:\Documents and Settings\radek\Plocha\adwcleaner_4.203.exe
2015-04-23 08:01 - 2012-10-08 12:40 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:BF3D62E7

DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
C:\Documents and Settings\radek\Temp
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= File: C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 ========================

MD5: ae04063578be8e96cd9e48b01add3546
Creation and modification date: 2015-04-30 08:19 - 2015-04-30 12:56
Size: 0000004
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{3c5a96d9-6c5c-896c-61a1-84493a1b57c4} => Moved successfully.
anvsnddrv => Service deleted successfully.
catchme => Service deleted successfully.
CrystalSysInfo => Service deleted successfully.
IntelIde => Service deleted successfully.
s0016bus => Service deleted successfully.
s0016mdfl => Service deleted successfully.
s0016mdm => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
C:\Documents and Settings\radek\Data aplikací\Enigma Software Group => Moved successfully.
C:\Documents and Settings\All Users\Dokumenty\ShopperPro => Moved successfully.
C:\Documents and Settings\radek\Plocha\FRST-OlderVersion => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\radek\Plocha\adwcleaner_4.203.exe => Moved successfully.
C:\WINDOWS\system32\d3d9caps.dat => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":BF3D62E7" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP => value deleted successfully.
"C:\Documents and Settings\radek\Temp" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 10:55:27 ====
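
The fixlist above removes ten GloballyOpenPorts firewall exceptions. In the log, the Domain-profile entries for NetBIOS/SMB (137/UDP, 138/UDP, 139/TCP, 445/TCP) carry no scope field, while the Standard-profile ones are limited to ":LocalSubNet:"; an exception with no scope is reachable from any remote address. The script below is an added example, not code from the thread or from FRST: it parses such lines out of an FRST log, flags file-sharing ports that are enabled without a subnet restriction, and prints the registry value that the Fixlog shows being deleted for each. Assumptions: the sample lines are copied from the log above, a missing scope field is taken to mean the firewall's "*" (any address) wildcard, and the function names are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample: four lines copied from the FRST log in this thread.
# Domain-profile entries carry no scope field (assumed to be the "*" = any
# address wildcard); Standard-profile entries carry ":LocalSubNet:".
SAMPLE_LOG = r"""
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
"""

# Registry location of the exceptions, as shown in the Fixlog's "value deleted" lines.
FIREWALL_POLICY = r"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy"

# Profile\GloballyOpenPorts: [port:proto] => [:scope:]Enabled|Disabled:description
LINE_RE = re.compile(
    r"^(?P<profile>\w+)\\GloballyOpenPorts: \[(?P<port>\d+):(?P<proto>TCP|UDP)\] => "
    r"(?::(?P<scope>[^:]+))?:?(?P<state>Enabled|Disabled):(?P<desc>.*)$"
)

# NetBIOS/SMB ports that the File and Printer Sharing exception opens.
FILE_SHARING_PORTS = {(137, "UDP"), (138, "UDP"), (139, "TCP"), (445, "TCP")}


@dataclass(frozen=True)
class OpenPort:
    profile: str
    port: int
    proto: str
    scope: str      # "LocalSubNet" or "*" (any remote address)
    enabled: bool
    desc: str

    @property
    def exposed(self) -> bool:
        """True when the exception is active and not limited to the local subnet."""
        return self.enabled and self.scope == "*"


def parse_open_ports(log_text: str) -> list[OpenPort]:
    """Extract GloballyOpenPorts entries from FRST output; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(OpenPort(
            profile=m["profile"],
            port=int(m["port"]),
            proto=m["proto"],
            scope=m["scope"] or "*",       # no scope field -> any address
            enabled=m["state"] == "Enabled",
            desc=m["desc"],
        ))
    return entries


def exposed_file_sharing(entries: list[OpenPort]) -> list[OpenPort]:
    """File-sharing ports reachable from any address: the entries worth a second look."""
    return [e for e in entries if e.exposed and (e.port, e.proto) in FILE_SHARING_PORTS]


def registry_value_path(entry: OpenPort) -> str:
    """Registry value FRST deletes for this entry (the form seen in the Fixlog above)."""
    return rf"{FIREWALL_POLICY}\{entry.profile}\GloballyOpenPorts\List\{entry.port}:{entry.proto}"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for e in exposed_file_sharing(found):
        print(f"{e.profile}: {e.port}/{e.proto} open to any address -> {registry_value_path(e)}")
```

Run against the whole FRST.txt the script reports only the two Domain-profile SMB/NetBIOS exceptions from the sample; the Standard-profile 139/TCP entry is enabled but scoped to the local subnet, so it is not flagged.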

Re: JS/Kryptik.I - Trojan horse

Posted: 07 May 2015 10:21
by altrok
How is the computer behaving? Does the original problem persist?

Re: JS/Kryptik.I - Trojan horse

Posted: 07 May 2015 13:09
by Xipco_CZ
The PC now behaves normally. After launching Firefox, no ESET window warning about an infection pops up any more.

I also ran a full scan with ESET and deleted all the red-flagged viruses and trojans that were still left in the Temp folders etc.

Could you please tell me in a few sentences what the problem was? What was the trojan tied to, so that ESET could not find and remove it?

One more question: does the PC still need any further cleanup?
Thank you.

Re: JS/Kryptik.I - Trojan horse

Posted: 08 May 2015 10:00
by altrok
It was either the Zoom It add-on that was in Firefox, or the classic ShopperPro pest, which keeps evolving and therefore survived detection by the utilities we used. In the end manual detection had to step in, alias my own eye :)

  • Rename ComboFix to Uninstall and run it as administrator
  • ComboFix will uninstall itself.
And if there are no questions or other problems, that is all from me.

Re: JS/Kryptik.I - Trojan horse

Posted: 11 May 2015 06:12
by Xipco_CZ
OK, I also used DelFix.
So far everything looks fine.

Good thing the pest could be removed and I don't have to reinstall the whole PC.
Thank you for the help. I am sending a small contribution (by bank transfer).
Take care, all the best :)

Re: JS/Kryptik.I - Trojan horse

Posted: 11 May 2015 06:28
by altrok
You're welcome, glad I could help :worship:

On behalf of the whole team, thank you for the contribution towards running the forum!


Take care, and maybe see you again sometime :bye: