Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by Jarda (administrator) on JARDA-PC on 09-05-2014 18:52:37
Running from C:\Users\Jarda\Desktop
Windows 7 Home Premium (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Jarda\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16336416 2009-08-15] (NVIDIA Corporation)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lc179hs.lnk
ShortcutTarget: lc179hs.lnk -> C:\PROGRA~3\299219~1\sh971cl.cpp (No File)
Startup: C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ugaef.lnk
ShortcutTarget: ugaef.lnk -> feagu.dll,work (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\1dpi8a5m.default
FF Homepage: hxxp://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Forecastfox - C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\1dpi8a5m.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-09]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-09]
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-12-10] (Adobe Systems)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 OberonGameConsoleService; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [44312 2009-09-15] ()
S2 Winmgmt; C:\PROGRA~3\2992199F9A\lc179hs.faa [X]
==================== Drivers (Whitelisted) ====================
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-21] ()
U3 al29962w; C:\Windows\System32\Drivers\al29962w.sys [0 ] (Microsoft Corporation)
U3 tmlwf;
U3 tmwfp;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-09 18:52 - 2014-05-09 18:52 - 00012688 _____ () C:\Users\Jarda\Desktop\FRST.txt
2014-05-09 18:52 - 2014-05-09 18:52 - 00000000 ____D () C:\FRST
2014-05-09 18:43 - 2014-05-09 18:43 - 02064384 _____ (Farbar) C:\Users\Jarda\Desktop\FRST64.exe
2014-05-09 18:43 - 2014-05-09 18:43 - 00112640 _____ (forum.viry.cz) C:\Users\Jarda\Desktop\FRSTLauncher.exe
2014-05-09 18:04 - 2014-05-09 18:04 - 01073328 _____ () C:\Users\Jarda\Downloads\20140509_1328_ussr-KV4_01_karelia.wotreplay
2014-05-09 18:01 - 2014-05-09 18:01 - 01160477 _____ () C:\Users\Jarda\Downloads\20140509_1625_germany-PzVIB_Tiger_II_14_siegfried_line.wotreplay
2014-05-09 18:01 - 2014-05-09 18:01 - 01015430 _____ () C:\Users\Jarda\Downloads\20140509_1635_germany-PzVI_04_himmelsdorf.wotreplay
2014-05-09 18:01 - 2014-05-09 18:01 - 00821277 _____ () C:\Users\Jarda\Downloads\GW_Tiger_P_abbey_another_blind_shot.wotreplay
2014-05-09 18:00 - 2014-05-09 18:00 - 00947866 _____ () C:\Users\Jarda\Downloads\20140509_1725_germany-Leopard1_38_mannerheim_line.wotreplay
2014-05-09 17:19 - 2014-05-09 17:20 - 11825832 ____N () C:\Users\Jarda\Downloads\yet_another_cleaner_sk.exe
2014-05-09 11:44 - 2014-05-09 11:44 - 00000056 _____ () C:\Windows\setupact.log
2014-05-09 11:44 - 2014-05-09 11:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-09 02:01 - 2014-05-09 02:06 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-08 20:49 - 2014-05-08 20:49 - 01214958 _____ () C:\Users\Jarda\Downloads\13995696767924_ussr_Object_212_redshire.wotreplay
2014-05-08 17:27 - 2014-05-08 17:27 - 01668538 _____ () C:\Users\Jarda\Downloads\13995612075955_usa_M18_Hellcat_lakeville.wotreplay
2014-05-08 16:58 - 2014-05-08 16:58 - 01688853 _____ () C:\Users\Jarda\Downloads\13995513862897_germany_PzVIB_Tiger_II_monastery.wotreplay
2014-05-08 16:55 - 2014-05-08 16:55 - 01078317 _____ () C:\Users\Jarda\Downloads\13995539678653_uk_GB70_FV4202_105_45_north_america.wotreplay
2014-05-08 16:52 - 2014-05-08 16:52 - 01639299 _____ () C:\Users\Jarda\Downloads\13995584385599_ussr_IS-7_prohorovka.wotreplay
2014-05-05 11:13 - 2014-05-05 11:13 - 01556669 _____ () C:\Users\Jarda\Downloads\xD.rar
2014-05-05 11:13 - 2014-05-05 11:13 - 00000000 ____D () C:\Users\Jarda\Downloads\xD
2014-04-30 15:40 - 2014-04-30 15:40 - 01450402 _____ () C:\Users\Jarda\Downloads\13987912607101_usa_T30_himmelsdorf_winter.wotreplay
2014-04-29 15:39 - 2014-04-29 15:39 - 00826312 _____ () C:\Users\Jarda\Downloads\13987763301490_ussr_IS_erlenberg.wotreplay
2014-04-28 23:25 - 2014-04-28 23:25 - 01169819 _____ () C:\Users\Jarda\Downloads\13987179979646_ussr_Object_140_steppes.wotreplay
2014-04-28 18:55 - 2014-04-28 18:55 - 01351207 _____ () C:\Users\Jarda\Downloads\13986965108064_germany_JagdTiger_ensk.wotreplay
2014-04-28 14:29 - 2014-04-28 14:29 - 01435457 _____ () C:\Users\Jarda\Downloads\13986649117453_usa_M18_Hellcat_el_hallouf.wotreplay
2014-04-27 23:00 - 2014-04-27 23:00 - 00999710 _____ () C:\Users\Jarda\Downloads\13986305554558_germany_Nashorn_steppes.wotreplay
2014-04-27 18:01 - 2014-04-27 18:01 - 01375772 _____ () C:\Users\Jarda\Downloads\13986133315396_france_Lorraine40t_himmelsdorf.wotreplay
2014-04-27 13:16 - 2014-04-27 13:16 - 00949781 _____ () C:\Users\Jarda\Downloads\13985963510908_germany_T-15_campania.wotreplay
2014-04-27 12:07 - 2014-04-27 12:07 - 01129352 _____ () C:\Users\Jarda\Downloads\13985912195086_germany_PzVI_himmelsdorf.wotreplay
2014-04-27 00:09 - 2014-04-27 00:09 - 00973667 _____ () C:\Users\Jarda\Downloads\13985460939254_ussr_IS8_malinovka.wotreplay
2014-04-25 22:54 - 2014-04-25 22:54 - 01191971 _____ () C:\Users\Jarda\Downloads\13984543628277_china_Ch12_111_1_2_3_redshire.wotreplay
2014-04-24 23:25 - 2014-04-24 23:25 - 01439455 _____ () C:\Users\Jarda\Downloads\13983698486944_ussr_Object_140_monastery.wotreplay
2014-04-24 23:23 - 2014-04-24 23:23 - 01702295 _____ () C:\Users\Jarda\Downloads\13983716430652_germany_Leopard1_tundra.wotreplay
2014-04-24 21:17 - 2014-04-24 21:17 - 00769203 _____ () C:\Users\Jarda\Downloads\13983663492329_usa_M12_steppes.wotreplay
2014-04-24 15:59 - 2014-04-24 15:59 - 01232115 _____ () C:\Users\Jarda\Downloads\13982678821661_usa_T28_Prototype_ensk.wotreplay
2014-04-17 01:03 - 2014-04-17 01:03 - 01268944 _____ () C:\Users\Jarda\Downloads\13976583739306_usa_M6_cliff.wotreplay
2014-04-16 13:30 - 2014-04-16 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-04-16 13:30 - 2014-04-16 13:30 - 00000000 ____D () C:\Games
2014-04-16 13:09 - 2014-04-16 13:29 - 09304408 _____ (Wargaming.net ) C:\Users\Jarda\Downloads\WoT_internet_install_eu.exe
2014-04-16 12:57 - 2014-04-16 13:26 - 498692596 _____ () C:\Users\Jarda\Downloads\Ztraceni---6x08-Průzkum.rar
2014-04-16 11:29 - 2014-04-16 11:29 - 00000000 ____D () C:\Users\Jarda\Downloads\screenshots
==================== One Month Modified Files and Folders =======
2014-05-09 18:52 - 2014-05-09 18:52 - 00012688 _____ () C:\Users\Jarda\Desktop\FRST.txt
2014-05-09 18:52 - 2014-05-09 18:52 - 00000000 ____D () C:\FRST
2014-05-09 18:43 - 2014-05-09 18:43 - 02064384 _____ (Farbar) C:\Users\Jarda\Desktop\FRST64.exe
2014-05-09 18:43 - 2014-05-09 18:43 - 00112640 _____ (forum.viry.cz) C:\Users\Jarda\Desktop\FRSTLauncher.exe
2014-05-09 18:37 - 2012-06-15 20:21 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 18:04 - 2014-05-09 18:04 - 01073328 _____ () C:\Users\Jarda\Downloads\20140509_1328_ussr-KV4_01_karelia.wotreplay
2014-05-09 18:01 - 2014-05-09 18:01 - 01160477 _____ () C:\Users\Jarda\Downloads\20140509_1625_germany-PzVIB_Tiger_II_14_siegfried_line.wotreplay
2014-05-09 18:01 - 2014-05-09 18:01 - 01015430 _____ () C:\Users\Jarda\Downloads\20140509_1635_germany-PzVI_04_himmelsdorf.wotreplay
2014-05-09 18:01 - 2014-05-09 18:01 - 00821277 _____ () C:\Users\Jarda\Downloads\GW_Tiger_P_abbey_another_blind_shot.wotreplay
2014-05-09 18:00 - 2014-05-09 18:00 - 00947866 _____ () C:\Users\Jarda\Downloads\20140509_1725_germany-Leopard1_38_mannerheim_line.wotreplay
2014-05-09 17:20 - 2014-05-09 17:19 - 11825832 ____N () C:\Users\Jarda\Downloads\yet_another_cleaner_sk.exe
2014-05-09 16:49 - 2009-11-20 15:56 - 01267089 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 11:51 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 11:51 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 11:44 - 2014-05-09 11:44 - 00000056 _____ () C:\Windows\setupact.log
2014-05-09 11:44 - 2014-05-09 11:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-09 11:44 - 2014-01-29 13:02 - 00003170 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-05-09 11:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 02:06 - 2014-05-09 02:01 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-09 02:02 - 2009-12-08 20:01 - 00000000 ___RD () C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 20:49 - 2014-05-08 20:49 - 01214958 _____ () C:\Users\Jarda\Downloads\13995696767924_ussr_Object_212_redshire.wotreplay
2014-05-08 17:27 - 2014-05-08 17:27 - 01668538 _____ () C:\Users\Jarda\Downloads\13995612075955_usa_M18_Hellcat_lakeville.wotreplay
2014-05-08 16:58 - 2014-05-08 16:58 - 01688853 _____ () C:\Users\Jarda\Downloads\13995513862897_germany_PzVIB_Tiger_II_monastery.wotreplay
2014-05-08 16:55 - 2014-05-08 16:55 - 01078317 _____ () C:\Users\Jarda\Downloads\13995539678653_uk_GB70_FV4202_105_45_north_america.wotreplay
2014-05-08 16:52 - 2014-05-08 16:52 - 01639299 _____ () C:\Users\Jarda\Downloads\13995584385599_ussr_IS-7_prohorovka.wotreplay
2014-05-08 10:48 - 2009-08-03 22:00 - 00631466 _____ () C:\Windows\system32\perfh005.dat
2014-05-08 10:48 - 2009-08-03 22:00 - 00122088 _____ () C:\Windows\system32\perfc005.dat
2014-05-08 10:48 - 2009-07-14 07:13 - 01470062 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 11:13 - 2014-05-05 11:13 - 01556669 _____ () C:\Users\Jarda\Downloads\xD.rar
2014-05-05 11:13 - 2014-05-05 11:13 - 00000000 ____D () C:\Users\Jarda\Downloads\xD
2014-04-30 15:40 - 2014-04-30 15:40 - 01450402 _____ () C:\Users\Jarda\Downloads\13987912607101_usa_T30_himmelsdorf_winter.wotreplay
2014-04-29 19:37 - 2012-06-15 20:21 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 19:37 - 2012-04-11 20:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 19:37 - 2011-06-09 18:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 15:39 - 2014-04-29 15:39 - 00826312 _____ () C:\Users\Jarda\Downloads\13987763301490_ussr_IS_erlenberg.wotreplay
2014-04-28 23:25 - 2014-04-28 23:25 - 01169819 _____ () C:\Users\Jarda\Downloads\13987179979646_ussr_Object_140_steppes.wotreplay
2014-04-28 18:55 - 2014-04-28 18:55 - 01351207 _____ () C:\Users\Jarda\Downloads\13986965108064_germany_JagdTiger_ensk.wotreplay
2014-04-28 14:29 - 2014-04-28 14:29 - 01435457 _____ () C:\Users\Jarda\Downloads\13986649117453_usa_M18_Hellcat_el_hallouf.wotreplay
2014-04-27 23:00 - 2014-04-27 23:00 - 00999710 _____ () C:\Users\Jarda\Downloads\13986305554558_germany_Nashorn_steppes.wotreplay
2014-04-27 18:01 - 2014-04-27 18:01 - 01375772 _____ () C:\Users\Jarda\Downloads\13986133315396_france_Lorraine40t_himmelsdorf.wotreplay
2014-04-27 15:24 - 2013-07-25 11:33 - 00000000 ____D () C:\Users\Jarda\AppData\Roaming\TS3Client
2014-04-27 13:16 - 2014-04-27 13:16 - 00949781 _____ () C:\Users\Jarda\Downloads\13985963510908_germany_T-15_campania.wotreplay
2014-04-27 12:07 - 2014-04-27 12:07 - 01129352 _____ () C:\Users\Jarda\Downloads\13985912195086_germany_PzVI_himmelsdorf.wotreplay
2014-04-27 00:09 - 2014-04-27 00:09 - 00973667 _____ () C:\Users\Jarda\Downloads\13985460939254_ussr_IS8_malinovka.wotreplay
2014-04-25 22:54 - 2014-04-25 22:54 - 01191971 _____ () C:\Users\Jarda\Downloads\13984543628277_china_Ch12_111_1_2_3_redshire.wotreplay
2014-04-24 23:25 - 2014-04-24 23:25 - 01439455 _____ () C:\Users\Jarda\Downloads\13983698486944_ussr_Object_140_monastery.wotreplay
2014-04-24 23:23 - 2014-04-24 23:23 - 01702295 _____ () C:\Users\Jarda\Downloads\13983716430652_germany_Leopard1_tundra.wotreplay
2014-04-24 21:17 - 2014-04-24 21:17 - 00769203 _____ () C:\Users\Jarda\Downloads\13983663492329_usa_M12_steppes.wotreplay
2014-04-24 15:59 - 2014-04-24 15:59 - 01232115 _____ () C:\Users\Jarda\Downloads\13982678821661_usa_T28_Prototype_ensk.wotreplay
2014-04-24 06:21 - 2009-07-14 07:08 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-23 10:40 - 2011-03-10 20:03 - 00000000 ____D () C:\Users\Jarda\AppData\Roaming\vlc
2014-04-17 01:03 - 2014-04-17 01:03 - 01268944 _____ () C:\Users\Jarda\Downloads\13976583739306_usa_M6_cliff.wotreplay
2014-04-16 13:30 - 2014-04-16 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-04-16 13:30 - 2014-04-16 13:30 - 00000000 ____D () C:\Games
2014-04-16 13:30 - 2012-09-13 01:20 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-16 13:29 - 2014-04-16 13:09 - 09304408 _____ (Wargaming.net ) C:\Users\Jarda\Downloads\WoT_internet_install_eu.exe
2014-04-16 13:26 - 2014-04-16 12:57 - 498692596 _____ () C:\Users\Jarda\Downloads\Ztraceni---6x08-Průzkum.rar
2014-04-16 11:29 - 2014-04-16 11:29 - 00000000 ____D () C:\Users\Jarda\Downloads\screenshots
2014-04-12 10:44 - 2009-12-08 20:26 - 00000000 ____D () C:\Users\Jarda\AppData\Local\Adobe
2014-04-10 00:20 - 2013-07-26 00:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 00:18 - 2009-12-11 22:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Jarda\Desktop" je 2 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector
C:\Windows\AsScrPro.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================