Today I downloaded an SFV verification program from Softpedia, but shortly afterwards advertising banners started appearing on the Google home page. I knew some malware had gotten in; Malwarebytes indexed something, which I removed, but after a restart the problem persisted. I only use Microsoft Security Essentials, which of course found nothing. So I downloaded AdwCleaner, which helped me remove another two potentially harmful entities, but after that I could no longer open any web page; I cannot connect to the internet through IExplorer, Google Chrome or Maxthon, i.e. all three browsers I have installed.
I'm writing from a backup notebook over Wi-Fi; there is no problem with the physical connection. My PC is infected, and I'm doing all operations via a portable flash drive.
I'm quite desperate, so I would welcome any help. Many thanks in advance; the notebook is running, so if necessary I'll operate through it and the flash drive.
Screenshot of the Google home page from before the connection was lost:

Screenshot of the current state:

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by jarda (administrator) on BLACKPC on 09-03-2014 05:44:42
Running from C:\Users\jarda\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(The Author of QIP) C:\Windows.old\Program Files\QIP\qip.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKU\S-1-5-21-1039085401-3812054823-3218318104-1000\...\Run: [QIP2005] - C:\Windows.old\Program Files\QIP\qip.exe [3276288 2009-08-13] (The Author of QIP)
HKU\S-1-5-21-1039085401-3812054823-3218318104-1000\...\MountPoints2: {915c1f80-2936-11e3-b832-001fd0915860} - V:\setup.exe
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: General Downloader plugin - C:\Users\jarda\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@generaldownloader.com [2014-03-08]
FF Extension: Conduit Engine - \Extensions\engine@conduit.com [2010-11-30]
FF Extension: BitTorrentBar Community Toolbar - \Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2010-11-30]
FF Extension: Pirrit Suggestor - C:\Users\jarda\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-03-09]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Dokumenty Google) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]
CHR Extension: (Disk Google) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (YouTube) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Vyhledávání Google) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (General Downloader plugin) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcbebbklfkjeocpmoamnopdllfekind [2014-03-09]
CHR Extension: (Peněženka Google) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (General Crawler) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcidejejpblipcjpnkfkddlkmgndblch [2014-03-09]
CHR Extension: (Gmail) - C:\Users\jarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gkcbebbklfkjeocpmoamnopdllfekind] - C:\Users\jarda\AppData\Roaming\General Downloader\Extensions\gdchrome.crx [2014-03-08]
CHR HKLM-x32\...\Chrome\Extension: [pcidejejpblipcjpnkfkddlkmgndblch] - C:\Users\jarda\AppData\Roaming\General Downloader\Extensions\GenCrawler.crx [2014-03-08]
==================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] ()
==================== Drivers (Whitelisted) ====================
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-02-12] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-09 05:44 - 2014-03-09 05:44 - 00009848 _____ () C:\Users\jarda\Desktop\FRST.txt
2014-03-09 05:44 - 2014-03-09 05:44 - 00000000 ____D () C:\FRST
2014-03-09 05:37 - 2014-03-09 05:37 - 00000056 _____ () C:\Windows\setupact.log
2014-03-09 05:37 - 2014-03-09 05:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 05:34 - 2014-03-09 05:33 - 02156544 _____ (Farbar) C:\Users\jarda\Desktop\FRST64.exe
2014-03-09 05:09 - 2014-03-09 05:09 - 00000000 ____D () C:\AdwCleaner
2014-03-09 04:47 - 2014-03-09 04:47 - 00000000 ____D () C:\Program Files (x86)\QuickSFV
2014-03-09 04:28 - 2014-03-09 04:28 - 00000000 ____D () C:\Users\jarda\AppData\Local\WinRST
2014-03-09 04:28 - 2014-03-09 04:28 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-03-09 04:27 - 2014-03-09 04:27 - 00000000 ____D () C:\Program Files (x86)\Traction Software
2014-03-09 04:10 - 2014-03-09 04:10 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\WinRAR
2014-03-08 19:37 - 2014-03-08 19:40 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\DMCache
2014-03-08 19:37 - 2014-03-08 19:37 - 00000000 ____D () C:\ProgramData\IDM
2014-03-08 19:33 - 2014-03-09 04:27 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\Mozilla
2014-03-08 19:33 - 2014-03-08 19:36 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\General Downloader
2014-03-08 19:29 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-08 19:29 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-08 17:25 - 2014-03-08 17:25 - 00002041 _____ () C:\Users\jarda\Desktop\JDownloader.lnk
2014-03-08 17:24 - 2014-03-09 04:48 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-08 17:24 - 2014-03-08 21:19 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-08 07:15 - 2014-03-08 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 07:15 - 2014-03-08 07:15 - 00000000 ____D () C:\Users\jarda\AppData\Local\Skype
2014-02-28 11:10 - 2014-02-28 11:10 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\Canneverbe Limited
2014-02-28 11:10 - 2014-02-28 11:10 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-02-22 20:02 - 2014-02-22 20:02 - 00042231 _____ () C:\Users\jarda\Downloads\Before-Sunset(0000152470).zip
2014-02-14 16:11 - 2014-02-12 03:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-02-14 16:02 - 2014-02-14 16:02 - 00000000 ____D () C:\Users\jarda\AppData\Local\WSHelper
2014-02-14 15:28 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 15:28 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 15:28 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 15:28 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 15:28 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 15:28 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 15:28 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 15:28 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 15:28 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 15:28 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 15:28 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 15:28 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 15:28 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 15:28 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 15:28 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 15:28 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 15:28 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 15:28 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 15:28 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 15:28 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 15:28 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 15:28 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 15:28 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 15:28 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 15:28 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 15:28 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 15:28 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 15:28 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 15:28 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 15:28 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 15:28 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 15:28 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 15:28 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 15:28 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 15:28 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 15:28 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 15:28 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 15:28 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 15:28 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-14 15:28 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 15:28 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 15:27 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-14 15:27 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-14 15:27 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-14 15:27 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-14 15:27 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-14 15:27 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-14 15:27 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-14 15:27 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-14 15:27 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-14 15:27 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-14 15:27 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-14 15:27 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-14 15:27 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-14 15:27 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-14 15:27 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-14 15:27 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-14 15:27 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-14 15:27 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-14 15:27 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-14 15:27 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-14 15:27 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-14 15:27 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-14 15:27 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-14 15:27 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-14 15:27 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-14 15:27 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-14 15:27 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-14 15:27 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
==================== One Month Modified Files and Folders =======
2014-03-09 05:44 - 2014-03-09 05:44 - 00009848 _____ () C:\Users\jarda\Desktop\FRST.txt
2014-03-09 05:44 - 2014-03-09 05:44 - 00000000 ____D () C:\FRST
2014-03-09 05:41 - 2013-08-22 20:54 - 01477954 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 05:41 - 2009-07-14 16:18 - 01496760 _____ () C:\Windows\system32\perfh005.dat
2014-03-09 05:41 - 2009-07-14 16:18 - 00421226 _____ () C:\Windows\system32\perfc005.dat
2014-03-09 05:41 - 2009-07-14 06:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 05:37 - 2014-03-09 05:37 - 00000056 _____ () C:\Windows\setupact.log
2014-03-09 05:37 - 2014-03-09 05:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 05:37 - 2014-01-26 10:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-09 05:37 - 2013-08-22 22:44 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 05:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 05:35 - 2013-11-27 22:20 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-03-09 05:33 - 2014-03-09 05:34 - 02156544 _____ (Farbar) C:\Users\jarda\Desktop\FRST64.exe
2014-03-09 05:28 - 2009-07-14 05:45 - 00015296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 05:28 - 2009-07-14 05:45 - 00015296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 05:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-09 05:22 - 2013-09-26 01:44 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-09 05:09 - 2014-03-09 05:09 - 00000000 ____D () C:\AdwCleaner
2014-03-09 05:07 - 2013-08-22 22:44 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-09 04:49 - 2013-09-06 19:44 - 00001017 _____ () C:\Windows\QSFVExit.bat
2014-03-09 04:48 - 2014-03-08 17:24 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-09 04:47 - 2014-03-09 04:47 - 00000000 ____D () C:\Program Files (x86)\QuickSFV
2014-03-09 04:28 - 2014-03-09 04:28 - 00000000 ____D () C:\Users\jarda\AppData\Local\WinRST
2014-03-09 04:28 - 2014-03-09 04:28 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-03-09 04:27 - 2014-03-09 04:27 - 00000000 ____D () C:\Program Files (x86)\Traction Software
2014-03-09 04:27 - 2014-03-08 19:33 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\Mozilla
2014-03-09 04:10 - 2014-03-09 04:10 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\WinRAR
2014-03-08 23:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-08 21:19 - 2014-03-08 17:24 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-08 19:40 - 2014-03-08 19:37 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\DMCache
2014-03-08 19:40 - 2013-08-26 06:07 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\BitTorrent
2014-03-08 19:37 - 2014-03-08 19:37 - 00000000 ____D () C:\ProgramData\IDM
2014-03-08 19:36 - 2014-03-08 19:33 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\General Downloader
2014-03-08 19:08 - 2013-08-26 12:07 - 00000000 ____D () C:\ProgramData\Soulseek
2014-03-08 17:25 - 2014-03-08 17:25 - 00002041 _____ () C:\Users\jarda\Desktop\JDownloader.lnk
2014-03-08 07:15 - 2014-03-08 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 07:15 - 2014-03-08 07:15 - 00000000 ____D () C:\Users\jarda\AppData\Local\Skype
2014-03-08 07:15 - 2013-08-26 06:20 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\Skype
2014-03-08 07:15 - 2013-08-26 06:20 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 11:10 - 2014-02-28 11:10 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\Canneverbe Limited
2014-02-28 11:10 - 2014-02-28 11:10 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-02-28 10:59 - 2013-10-15 18:28 - 00000000 ____D () C:\Users\jarda\AppData\Roaming\ImgBurn
2014-02-24 17:21 - 2013-08-27 12:24 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-02-24 17:20 - 2013-08-24 06:23 - 00000000 ____D () C:\Windows\Minidump
2014-02-22 20:02 - 2014-02-22 20:02 - 00042231 _____ () C:\Users\jarda\Downloads\Before-Sunset(0000152470).zip
2014-02-21 19:22 - 2013-09-26 01:44 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 19:22 - 2013-08-26 07:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 19:22 - 2013-08-26 07:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 18:12 - 2014-02-02 12:04 - 00000000 ____D () C:\Users\jarda\Desktop\SAK
2014-02-16 23:24 - 2013-08-27 09:34 - 00000000 ____D () C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
2014-02-14 16:11 - 2014-01-24 16:38 - 00002970 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-02-14 16:11 - 2013-11-27 22:20 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-02-14 16:11 - 2013-11-27 22:20 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-02-14 16:02 - 2014-02-14 16:02 - 00000000 ____D () C:\Users\jarda\AppData\Local\WSHelper
2014-02-14 15:34 - 2013-08-22 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 15:33 - 2013-08-22 22:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 12:02 - 2013-08-22 22:44 - 00003946 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 12:02 - 2013-08-22 22:44 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 09:25 - 2014-01-03 18:51 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-02-12 03:11 - 2014-02-14 16:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
Some content of TEMP:
====================
C:\Users\jarda\AppData\Local\Temp\BackupSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-28 00:51
==================== End Of Log ============================