Hello, ESET started showing me the message "JS/Kryptik.I Trojan horse" on any page in Mozilla; when I run a scan it finds this virus in the browser and reports it as cleaned, but as soon as I open the browser it is there again. MBAM found nothing this time. I am sending the FRST log (Addition in the attachment):
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Petr (administrator) on PETR-PC on 01-04-2014 18:11:05
Running from C:\Users\Petr\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2014\DfsdkS64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Konica Minolta) C:\Program Files (x86)\KONICA MINOLTA\magicolor 1680MF\LinkMagic for magicolor 1680MF\lmmc1680.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-27] (Microsoft Corporation)
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [393728 2013-07-25] (BitTorrent, Inc.)
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\Run: [LinkMagic for magicolor 1680MF] - C:\Program Files (x86)\KONICA MINOLTA\magicolor 1680MF\LinkMagic for magicolor 1680MF\lmmc1680.exe [5005312 2008-08-26] (Konica Minolta)
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\MountPoints2: {2bba418a-203c-11e3-a0aa-001dbaabbe37} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-490917328-4050776205-3180690023-1000\...\MountPoints2: {8f0c3417-1c36-11e3-9913-001dbaabbe37} - "J:\WD SmartWare.exe" autoplay=true
==================== Internet (Whitelisted) ====================
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
FireFox:
========
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\kjlwqsm2.default
FF user.js: detected! => C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\kjlwqsm2.default\user.js
FF Homepage: http://www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper - C:\Users\Petr\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: WebSite Recommendation - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\kjlwqsm2.default\Extensions\WebSiteRecommendation@weliketheweb.com [2014-03-21]
FF Extension: Adblock Plus - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\kjlwqsm2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-25]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-25]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Dokumenty Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-05]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-05]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-05]
CHR Extension: (Vyhledávání Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-05]
CHR Extension: (Peněženka Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-05]
==================== Services (Whitelisted) =================
S3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [9241088 2010-04-23] ()
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2014\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-14] (ESET)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-01 18:11 - 2014-04-01 18:11 - 00012652 _____ () C:\Users\Petr\Desktop\FRST.txt
2014-04-01 18:10 - 2014-04-01 18:11 - 00000000 ____D () C:\FRST
2014-04-01 18:08 - 2014-04-01 18:08 - 00112640 _____ (forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher.exe
2014-04-01 18:07 - 2014-04-01 18:08 - 02157056 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2014-03-31 18:35 - 2014-03-31 18:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 14:02 - 2014-03-31 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 04:37 - 2014-03-30 04:37 - 00002050 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-03-30 04:34 - 2014-03-30 04:35 - 00000000 ____D () C:\Program Files\ComicRack
2014-03-30 04:34 - 2014-03-30 04:34 - 00000840 _____ () C:\Users\Public\Desktop\ComicRack.lnk
2014-03-24 08:26 - 2014-03-24 08:26 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-24 08:24 - 2014-03-24 08:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-21 20:36 - 2014-03-21 20:36 - 00001484 _____ () C:\Users\Public\Desktop\One-Click-Optimizer.lnk
2014-03-21 20:36 - 2014-03-21 20:36 - 00001252 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 2014.lnk
2014-03-21 20:36 - 2009-08-24 22:13 - 00034304 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
2014-03-21 20:34 - 2014-03-21 20:34 - 26853584 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Petr\Downloads\ash_winoptimizer_2014_1_0_0.exe
2014-03-20 12:37 - 2014-03-20 12:37 - 00000000 ____D () C:\Users\Petr\AppData\Local\Western_Digital_Technolog
2014-03-20 12:31 - 2014-04-01 07:38 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-03-20 12:31 - 2014-03-24 08:26 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-03-18 19:28 - 2014-03-18 19:28 - 00000000 ____D () C:\Users\Petr\AppData\Local\ZeoBIT_LLC
2014-03-17 17:37 - 2014-03-17 17:37 - 00000000 ____D () C:\Users\Petr\Documents\Ashampoo Burning Studio 2014
2014-03-17 17:36 - 2014-03-17 17:36 - 00001303 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 2014.lnk
2014-03-17 17:36 - 2014-03-17 17:36 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Ashampoo
2014-03-17 17:35 - 2014-03-21 20:36 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-03-15 15:47 - 2014-03-15 15:47 - 00000000 ____D () C:\Users\Petr\Desktop\Electrum-1.9.7
2014-03-15 15:29 - 2014-03-15 15:29 - 00889584 _____ () C:\Users\Petr\Desktop\Electrum-1.9.7.zip
2014-03-14 11:33 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 11:33 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 11:33 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 11:33 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 11:33 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 11:33 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 11:33 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 11:33 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 11:33 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 11:33 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 11:33 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 11:33 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 11:33 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 11:33 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 11:33 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 11:33 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 11:33 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 11:33 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 11:33 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 11:33 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 11:33 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 11:33 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 11:33 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 11:33 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 11:33 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 11:33 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 11:33 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 11:33 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 11:33 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 11:33 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 11:33 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 11:33 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 11:33 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 11:33 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 11:33 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 11:33 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 11:33 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 11:33 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 11:33 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 11:33 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 11:33 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 11:33 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 11:33 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 11:33 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 11:32 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 11:32 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 11:32 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 11:32 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 16:47 - 2014-03-09 16:47 - 00001506 _____ () C:\Users\Petr\Desktop\MKVExtractGUI2 – zástupce.lnk
2014-03-08 19:26 - 2014-03-08 19:26 - 12000186 _____ (Moritz Bunkus) C:\Users\Petr\Desktop\mkvtoolnix-amd64-6.8.0-setup.exe
==================== One Month Modified Files and Folders =======
2014-04-01 18:11 - 2014-04-01 18:11 - 00012652 _____ () C:\Users\Petr\Desktop\FRST.txt
2014-04-01 18:11 - 2014-04-01 18:10 - 00000000 ____D () C:\FRST
2014-04-01 18:11 - 2013-07-25 20:21 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\uTorrent
2014-04-01 18:08 - 2014-04-01 18:08 - 00112640 _____ (forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher.exe
2014-04-01 18:08 - 2014-04-01 18:07 - 02157056 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2014-04-01 09:33 - 2013-08-04 17:28 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Media Player Classic
2014-04-01 08:14 - 2013-07-25 14:48 - 01881358 ____N () C:\Windows\WindowsUpdate.log
2014-04-01 07:45 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 07:45 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 07:43 - 2009-07-14 17:18 - 00669132 _____ () C:\Windows\system32\perfh005.dat
2014-04-01 07:43 - 2009-07-14 17:18 - 00141760 _____ () C:\Windows\system32\perfc005.dat
2014-04-01 07:43 - 2009-07-14 07:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 07:38 - 2014-03-20 12:31 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-04-01 07:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 07:11 - 2013-07-25 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 22:02 - 2013-07-25 15:14 - 00000000 ___RD () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 18:35 - 2014-03-31 18:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 14:02 - 2014-03-31 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 04:37 - 2014-03-30 04:37 - 00002050 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-03-30 04:37 - 2013-08-01 16:39 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Foxit Software
2014-03-30 04:35 - 2014-03-30 04:34 - 00000000 ____D () C:\Program Files\ComicRack
2014-03-30 04:34 - 2014-03-30 04:34 - 00000840 _____ () C:\Users\Public\Desktop\ComicRack.lnk
2014-03-29 17:57 - 2013-10-06 15:39 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\avidemux
2014-03-26 18:02 - 2013-08-01 18:04 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Audacity
2014-03-25 09:02 - 2013-07-31 00:18 - 00007622 _____ () C:\Users\Petr\AppData\Local\Resmon.ResmonCfg
2014-03-24 08:26 - 2014-03-24 08:26 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-24 08:26 - 2014-03-20 12:31 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-03-24 08:26 - 2013-07-25 20:10 - 00000000 ____D () C:\ProgramData\Western Digital
2014-03-24 08:26 - 2013-07-25 20:09 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-03-24 08:24 - 2014-03-24 08:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-24 01:34 - 2013-09-05 19:00 - 00000000 ____D () C:\HDTV
2014-03-22 13:34 - 2013-07-25 15:44 - 00000000 ____D () C:\Windows\Panther
2014-03-21 20:36 - 2014-03-21 20:36 - 00001484 _____ () C:\Users\Public\Desktop\One-Click-Optimizer.lnk
2014-03-21 20:36 - 2014-03-21 20:36 - 00001252 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 2014.lnk
2014-03-21 20:36 - 2014-03-17 17:35 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-03-21 20:36 - 2013-09-13 10:47 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-03-21 20:34 - 2014-03-21 20:34 - 26853584 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Petr\Downloads\ash_winoptimizer_2014_1_0_0.exe
2014-03-20 12:37 - 2014-03-20 12:37 - 00000000 ____D () C:\Users\Petr\AppData\Local\Western_Digital_Technolog
2014-03-20 01:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-19 01:30 - 2013-07-31 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 01:28 - 2013-07-26 01:47 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 19:28 - 2014-03-18 19:28 - 00000000 ____D () C:\Users\Petr\AppData\Local\ZeoBIT_LLC
2014-03-17 17:37 - 2014-03-17 17:37 - 00000000 ____D () C:\Users\Petr\Documents\Ashampoo Burning Studio 2014
2014-03-17 17:36 - 2014-03-17 17:36 - 00001303 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 2014.lnk
2014-03-17 17:36 - 2014-03-17 17:36 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Ashampoo
2014-03-17 17:34 - 2013-09-13 10:48 - 00000000 ____D () C:\Users\Petr\AppData\Local\ashampoo
2014-03-15 15:47 - 2014-03-15 15:47 - 00000000 ____D () C:\Users\Petr\Desktop\Electrum-1.9.7
2014-03-15 15:29 - 2014-03-15 15:29 - 00889584 _____ () C:\Users\Petr\Desktop\Electrum-1.9.7.zip
2014-03-15 12:48 - 2009-07-14 06:45 - 00466736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 02:30 - 2013-07-31 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 19:55 - 2013-07-31 18:18 - 00000000 ____D () C:\Users\Petr\AppData\Local\Microsoft Help
2014-03-13 11:27 - 2013-07-25 16:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 11:27 - 2013-07-25 16:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 16:47 - 2014-03-09 16:47 - 00001506 _____ () C:\Users\Petr\Desktop\MKVExtractGUI2 – zástupce.lnk
2014-03-08 19:26 - 2014-03-08 19:26 - 12000186 _____ (Moritz Bunkus) C:\Users\Petr\Desktop\mkvtoolnix-amd64-6.8.0-setup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-01 09:12
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:235.01 GB) (Free:39.29 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:230.66 GB) (Free:24.58 GB) NTFS
Drive e: (My Book) (Fixed) (Total:2794.49 GB) (Free:8.69 GB) NTFS
Drive f: (My Book) (Fixed) (Total:3725.99 GB) (Free:2650.71 GB) NTFS
Available physical RAM: 2521.04 MB
Total physical RAM: 4063.04 MB
Percentage of memory in use: 37%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 664CD738)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=235 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:DD4DD9B9
==================== Security Center ==================
AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Petr\Desktop" je 102 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files (x86)\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================

JS/Kryptik.I Trojan horse
- Attachment: Addition.zip (6.76 KiB), downloaded 12 times
- Rudy
- Site Admin
- Posts: 119536
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: JS/Kryptik.I Trojan horse
Hello!
What is the situation with the legality of your operating system?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
After your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: JS/Kryptik.I Trojan horse
I have an older notebook; the system was already on it. I only have the problem in Mozilla, in Chrome everything works fine.
Re: JS/Kryptik.I Trojan horse
So I uninstalled Mozilla with Revo Uninstaller together with all its components and reinstalled it; so far it is not showing any virus.
- Rudy
Re: JS/Kryptik.I Trojan horse
OK.