So this is the FRST.txt log, and I am attaching Addition.rar.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Raduz (administrator) on RADUZ-PC on 29-05-2014 21:15:04
Running from C:\Users\Raduz\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(ASUS) C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Raduz\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(forum.viry.cz) C:\Users\Raduz\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [498560 2013-04-21] (ELAN Microelectronic Corp.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-27] (AVAST Software)
HKU\S-1-5-21-705399959-2602027292-1708502953-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-705399959-2602027292-1708502953-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-705399959-2602027292-1708502953-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Raduz\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-705399959-2602027292-1708502953-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Raduz\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-705399959-2602027292-1708502953-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-07-24] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com/search?q={searchT ... d=ie7&rlz=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com
SearchScopes: HKCU - {01E4378B-43AC-4B89-8AB5-13D81749FE02} URL =
http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {113BCFF3-2F5F-4D00-9E2B-DDB13A22B170} URL =
http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {51FBF707-1595-4FB9-B316-8CF86E36272F} URL =
http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {57CB0EBB-4043-4D92-99B4-ACC261F3655C} URL =
http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {7D23B063-91BD-4784-9AB5-18C28E4A84F3} URL =
http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {BF574A39-5087-4717-A49F-4106D4A1E5A5} URL =
http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {C2FE4214-2F96-4537-ABAD-B840769349E0} URL =
http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {C9D9BD38-A566-406B-A5D0-7B8C1CD6BB21} URL =
http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {F703A5E3-2DD5-4B80-8DCB-BDA9DB60F489} URL =
http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {92A9ACF4-9333-43AE-9698-DB283326F87F} - No File
BHO: DealPly Shopping - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\grabber.dll (SPEEDbit)
Toolbar: HKLM - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
Toolbar: HKCU - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.2.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.2.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
Chrome:
=======
CHR StartupUrls: "hxxp://facebook.com/"
CHR Extension: (Dokumenty Google) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26]
CHR Extension: (Disk Google) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (SpeedBit Video Downloader) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb [2014-04-12]
CHR Extension: (Facebook Theme) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecafhogdjnebmoaebdkdcifnebfbkpoe [2014-03-16]
CHR Extension: (Downloader) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26]
CHR Extension: (SpeedBit Search Predict) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2014-04-12]
CHR Extension: (Peněženka Google) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Raduz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
CHR HKLM\...\Chrome\Extension: [djcpfkccckpeeghiklnhienllljccglb] - C:\Program Files\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx [2014-04-12]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-08-09]
CHR HKLM\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files\SearchPredict\Chrome\SearchPredictChrome.crx [2014-04-12]
========================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-27] (AVAST Software)
S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-25] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-25] (DealPly Technologies Ltd)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1682768 2014-05-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-15] (LogMeIn, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-09-25] (Disc Soft Ltd)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [94208 2013-04-21] (ELAN Microelectronic Corp.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2013-04-21] ( )
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1766592 2009-06-06] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-29 21:15 - 2014-05-29 21:15 - 00016501 _____ () C:\Users\Raduz\Desktop\FRST.txt
2014-05-29 21:14 - 2014-05-29 21:15 - 00000000 ____D () C:\FRST
2014-05-29 21:13 - 2014-05-29 21:13 - 00112640 _____ (forum.viry.cz) C:\Users\Raduz\Desktop\FRSTLauncher.exe
2014-05-29 15:25 - 2014-05-29 15:25 - 00037828 _____ () C:\Users\Raduz\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher).htm
2014-05-29 15:25 - 2014-05-29 15:25 - 00000000 ____D () C:\Users\Raduz\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher)_files
2014-05-29 15:21 - 2014-05-29 15:21 - 01056256 _____ (Farbar) C:\Users\Raduz\Desktop\FRST.exe
2014-05-27 22:00 - 2014-05-27 22:00 - 00000000 ____D () C:\Users\Raduz\AppData\Roaming\AVAST Software
2014-05-27 21:57 - 2014-05-27 22:27 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-27 21:57 - 2014-05-27 21:56 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-27 21:56 - 2014-05-27 21:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-19 15:05 - 2014-05-19 15:47 - 00000000 ____D () C:\Users\Raduz\Downloads\Nudist Pictures 3
2014-05-15 21:45 - 2014-05-15 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-15 21:45 - 2014-05-15 21:45 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-05-08 15:18 - 2014-05-08 15:18 - 00000000 ____D () C:\Users\Raduz\AppData\Local\AVG
2014-05-08 15:16 - 2014-05-08 15:16 - 00000000 ____D () C:\Users\Raduz\Documents\DVDVideoSoft
2014-05-07 12:41 - 2014-05-07 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-05-07 12:41 - 2014-05-07 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-07 12:40 - 2014-05-07 12:40 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-07 12:39 - 2014-05-07 12:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-05-07 12:38 - 2014-05-07 12:38 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-05-07 12:36 - 2014-05-07 12:36 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-05-07 12:35 - 2014-05-07 12:35 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-07 12:32 - 2014-05-07 12:38 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-07 12:32 - 2014-05-07 12:32 - 00000000 __RHD () C:\MSOCache
==================== One Month Modified Files and Folders =======
2014-05-29 21:15 - 2014-05-29 21:15 - 00016501 _____ () C:\Users\Raduz\Desktop\FRST.txt
2014-05-29 21:15 - 2014-05-29 21:14 - 00000000 ____D () C:\FRST
2014-05-29 21:15 - 2013-04-21 20:26 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 21:13 - 2014-05-29 21:13 - 00112640 _____ (forum.viry.cz) C:\Users\Raduz\Desktop\FRSTLauncher.exe
2014-05-29 21:12 - 2014-03-19 15:14 - 00000000 ___RD () C:\Users\Raduz\Desktop\Stažené
2014-05-29 20:41 - 2013-04-21 12:56 - 00000000 ___RD () C:\Users\Raduz\Desktop\Fotky
2014-05-29 20:35 - 2010-11-20 23:01 - 01470062 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 20:24 - 2013-07-25 14:19 - 00000892 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-05-29 20:19 - 2013-07-25 14:19 - 00000290 _____ () C:\Windows\Tasks\Dealply.job
2014-05-29 20:14 - 2013-04-21 18:36 - 01443173 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 19:38 - 2013-09-25 15:04 - 00000000 ____D () C:\Users\Raduz\AppData\Roaming\Seznam.cz
2014-05-29 19:32 - 2013-04-23 18:29 - 00000000 ____D () C:\Users\Raduz\AppData\Local\LogMeIn Hamachi
2014-05-29 19:30 - 2013-07-25 14:19 - 00000888 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-05-29 19:29 - 2013-04-21 20:26 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 19:29 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 19:29 - 2009-07-14 06:39 - 00072476 _____ () C:\Windows\setupact.log
2014-05-29 16:59 - 2009-07-14 06:34 - 00025024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 16:59 - 2009-07-14 06:34 - 00025024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 16:01 - 2014-04-28 11:30 - 00000000 ____D () C:\Users\Raduz\Desktop\Mix z netu
2014-05-29 15:25 - 2014-05-29 15:25 - 00037828 _____ () C:\Users\Raduz\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher).htm
2014-05-29 15:25 - 2014-05-29 15:25 - 00000000 ____D () C:\Users\Raduz\Desktop\VIRY.CZ • Zobrazit téma - Návod na vytvoření logu z FRST (FRSTLauncher)_files
2014-05-29 15:21 - 2014-05-29 15:21 - 01056256 _____ (Farbar) C:\Users\Raduz\Desktop\FRST.exe
2014-05-28 23:29 - 2013-05-16 21:53 - 00000000 ____D () C:\FFOutput
2014-05-28 23:28 - 2013-05-01 14:21 - 00000000 ____D () C:\Users\Raduz\AppData\Roaming\vlc
2014-05-27 22:27 - 2014-05-27 21:57 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-27 22:27 - 2013-04-21 20:56 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-27 22:27 - 2013-04-21 20:56 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-27 22:00 - 2014-05-27 22:00 - 00000000 ____D () C:\Users\Raduz\AppData\Roaming\AVAST Software
2014-05-27 21:58 - 2010-11-20 23:48 - 00185912 _____ () C:\Windows\PFRO.log
2014-05-27 21:56 - 2014-05-27 21:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-27 21:56 - 2014-05-27 21:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-27 21:56 - 2013-04-21 20:56 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401222471948
2014-05-27 21:56 - 2013-04-21 20:56 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401222471948
2014-05-27 21:56 - 2013-04-21 20:56 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-27 21:56 - 2013-04-21 20:56 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-27 21:56 - 2013-04-21 20:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-27 21:56 - 2013-04-21 20:56 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-27 21:56 - 2013-04-21 20:55 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-27 21:52 - 2013-04-21 20:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-27 21:52 - 2009-07-14 04:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-05-27 21:44 - 2013-08-02 20:18 - 00000000 ____D () C:\Users\Raduz\AppData\Local\CrashDumps
2014-05-23 15:12 - 2013-04-21 23:09 - 00000000 ___RD () C:\Users\Raduz\Desktop\Dokumenty
2014-05-20 18:54 - 2013-04-28 21:09 - 00007680 _____ () C:\Users\Raduz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-19 16:12 - 2013-04-22 12:39 - 00000000 ____D () C:\Users\Raduz\AppData\Roaming\uTorrent
2014-05-19 15:47 - 2014-05-19 15:05 - 00000000 ____D () C:\Users\Raduz\Downloads\Nudist Pictures 3
2014-05-15 21:45 - 2014-05-15 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-15 21:45 - 2014-05-15 21:45 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-05-08 22:25 - 2013-11-11 16:36 - 00000000 ____D () C:\Users\Raduz\AppData\Roaming\DVDVideoSoft
2014-05-08 16:01 - 2013-04-21 18:57 - 00000000 ____D () C:\Users\Raduz\AppData\Local\VirtualStore
2014-05-08 15:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-08 15:18 - 2014-05-08 15:18 - 00000000 ____D () C:\Users\Raduz\AppData\Local\AVG
2014-05-08 15:16 - 2014-05-08 15:16 - 00000000 ____D () C:\Users\Raduz\Documents\DVDVideoSoft
2014-05-08 15:16 - 2013-11-11 16:41 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-08 15:15 - 2013-11-11 16:36 - 00000000 ____D () C:\Users\Raduz\AppData\Roaming\OpenCandy
2014-05-07 21:19 - 2009-07-14 06:33 - 03814776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 15:33 - 2013-04-21 19:11 - 00121208 _____ () C:\Users\Raduz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 12:47 - 2013-04-22 12:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-07 12:41 - 2014-05-07 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-05-07 12:41 - 2014-05-07 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-07 12:40 - 2014-05-07 12:40 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-07 12:40 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-07 12:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-07 12:39 - 2014-05-07 12:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-05-07 12:39 - 2010-11-21 02:46 - 00000000 ____D () C:\Windows\ShellNew
2014-05-07 12:38 - 2014-05-07 12:38 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-05-07 12:38 - 2014-05-07 12:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-07 12:38 - 2013-05-09 17:10 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-07 12:38 - 2013-04-21 20:36 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-07 12:36 - 2014-05-07 12:36 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-05-07 12:35 - 2014-05-07 12:35 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-07 12:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-07 12:35 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini
2014-05-07 12:32 - 2014-05-07 12:32 - 00000000 __RHD () C:\MSOCache
Some content of TEMP:
====================
C:\Users\Raduz\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Raduz\AppData\Local\Temp\bitool.dll
C:\Users\Raduz\AppData\Local\Temp\cabex.dll
C:\Users\Raduz\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Raduz\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Raduz\AppData\Local\Temp\i4jdel0.exe
C:\Users\Raduz\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Raduz\AppData\Local\Temp\lowproc.exe
C:\Users\Raduz\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Raduz\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\Raduz\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Raduz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Raduz\AppData\Local\Temp\stubhelper.dll
C:\Users\Raduz\AppData\Local\Temp\unelevate.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2010-11-20 23:29] - [2010-11-20 23:29] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Raduz\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Raduz\Desktop" je 130641 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================