Podvodný e-mail

[Fjup]

Dobrý den, v rodině mě poprosili o pomoc s tím, že na domácím PC rozkliknul někdo e-mail a otevřel přílohu podvodného e-mailu obchody24.cz a já si s tím nevím rady.

Zjednodušeně ve winraru otevřeli archiv, i ten další vnitřní a následně i .scr soubor uvnitř.

PC je momentálně odpojen od internetu a já to řeším na dálku, v PC je nainstalován MS Security Essentials, který po chvíli otevření onoho .src souboru hlásil upozornění na pokus o stažení Tinby do PC, který zřejmě neproběhl, v zápalu boje ho prý již i odstranili z karantény, takže jsem to neměl šanci ověřit.

Přikládám log z RSIT a předem děkuji za ochotu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Semerak at 2015-01-13 13:37:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 212 GB (69%) free of 307 GB
Total RAM: 8103 MB (81% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
"C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe"
"C:\Program Files (x86)\SpeedFan\speedfan.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-eb6b7bcf-cc7e-4dc9-85b7-5b93d5e33c69 -SystemEventPortName:HostProcess-1c02defb-8b5b-41e9-a2d8-aa38df8bfba7 -IoCancelEventPortName:HostProcess-83d3bacc-2276-4e93-97aa-22db9651938a -NonStateChangingEventPortName:HostProcess-5e7dbd90-9580-4c1d-8c38-1f8883dfc59e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ce8799f5-938c-439a-a466-6b99c610cd9b -DeviceGroupId:WpdFsGroup
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\IrfanView\i_view32.exe" "C:\Users\Semerak\Documents\Osobní\Územní plán\Lhota letecká mapa 1953.png"

taskeng.exe {50E5E0B9-2961-47CB-8B1F-C0C02AFB481F}
taskeng.exe {A1C2DACC-35D6-4B81-90E9-36D6CFFD2F99}
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "F:\VIRY.pdf"
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=3064.0.985490434 --type=renderer "F:\VIRY.pdf"
"F:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
taskhost.exe $(Arg0)
"C:\Users\Semerak\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\update-S-1-5-21-3730243165-907656754-2530024790-1000.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate

=========Mozilla firefox=========

ProfilePath - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.novinky.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, FasterFox_Lite@BigRedBrent:3.9Lite, {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-14 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-14 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-01-29 171992]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-01-29 399832]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-01-29 442328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2011-10-24 1517520]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"LightShot"=C:\Users\Semerak\AppData\Local\Skillbrains\lightshot\Lightshot.exe []
"OV3_Monitor"=C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [2014-09-09 420208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-12-15 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C]
C:\sj652\hpupdate.exe [2002-02-01 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2012\qip.exe [2011-10-26 7110096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe [2011-10-23 557056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
C:\PROGRA~2\GAMING~1\MouseElf.EXE [2005-12-16 475228]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2010-04-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE [2013-06-25 228552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2009-12-17 976832]
"OV3_Monitor"=C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [2014-09-09 55664]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2014-11-18 226560]

C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
speedfan – zástupce.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-01-29 442880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-13 13:35:30 ----D---- C:\rsit
2015-01-13 13:35:30 ----D---- C:\Program Files\trend micro
2014-12-18 10:21:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-12-18 10:21:44 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-14 15:36:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2014-12-14 05:53:20 ----D---- C:\Windows\system32\appraiser
2014-12-14 05:33:03 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-12-14 05:33:03 ----A---- C:\Windows\system32\mf.dll

======List of files/folders modified in the last 1 month======

2015-01-13 13:35:30 ----RD---- C:\Program Files
2015-01-13 11:12:26 ----D---- C:\Windows\system32\config
2015-01-13 11:02:57 ----D---- C:\Windows\Temp
2015-01-13 09:51:58 ----D---- C:\ProgramData\LogMeIn
2015-01-12 20:26:11 ----D---- C:\Windows\Tasks
2015-01-11 16:27:16 ----SHD---- C:\System Volume Information
2015-01-09 20:29:43 ----D---- C:\Windows\System32
2015-01-09 20:29:43 ----D---- C:\Windows\inf
2015-01-09 20:29:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-09 20:29:39 ----D---- C:\Windows\Prefetch
2015-01-09 20:27:28 ----SHD---- C:\Windows\Installer
2015-01-09 20:27:26 ----D---- C:\Windows\system32\Tasks
2015-01-09 20:25:47 ----D---- C:\Program Files (x86)\SpeedFan
2014-12-31 12:14:31 ----N---- C:\Windows\system32\MpSigStub.exe
2014-12-20 09:07:27 ----D---- C:\Windows\rescache
2014-12-20 03:00:55 ----D---- C:\Windows\winsxs
2014-12-20 03:00:38 ----D---- C:\Windows\SysWOW64
2014-12-14 15:36:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-14 05:53:20 ----SD---- C:\Windows\system32\CompatTel
2014-12-14 05:53:20 ----D---- C:\Windows\AppCompat
2014-12-14 05:53:19 ----SD---- C:\ProgramData\Microsoft
2014-12-14 05:53:19 ----D---- C:\Windows\SYSWOW64\en-US
2014-12-14 05:53:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-12-14 05:53:19 ----D---- C:\Windows\system32\en-US
2014-12-14 05:53:19 ----D---- C:\Windows\system32\drivers
2014-12-14 05:53:19 ----D---- C:\Windows\system32\cs-CZ
2014-12-14 05:53:19 ----D---- C:\Windows\PolicyDefinitions
2014-12-14 05:53:19 ----D---- C:\Program Files\Internet Explorer
2014-12-14 05:53:19 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-14 05:38:07 ----D---- C:\ProgramData\Microsoft Help
2014-12-14 05:37:16 ----D---- C:\Windows\system32\MRT
2014-12-14 05:35:27 ----A---- C:\Windows\system32\MRT.exe
2014-12-14 05:26:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-14 00:23:18 ----D---- C:\ProgramData\Oracle
2014-12-14 00:22:38 ----D---- C:\Program Files (x86)\Common Files
2014-12-14 00:22:01 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-12-14 00:22:00 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-12-14 00:22:00 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-12-14 00:21:59 ----A---- C:\Windows\SYSWOW64\java.exe
2014-12-14 00:21:45 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-10-24 230864]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-12 279616]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-05-31 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 72216]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-01-29 5363200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2011-09-16 11552]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 13824]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2014-11-26 376168]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2014-11-26 226152]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2011-09-16 407424]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 OKI OPHD DCS Loader;OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [2011-10-23 20480]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-14 267440]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-24 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[altrok]

Zdravim

Co jsem ho chvili sledoval, tak se jedna o downloader (mozna neco odesila), ktery po restartu zneaktivni (pokud mezitim nestihl stahnout jinou havet). Ve Vasem logu videt neni, takze jen vycistime tempy, kam se ulozil.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Clean
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[Fjup]

Díky za bleskovou odpověď, zde je log:

# AdwCleaner v4.107 - Report created 13/01/2015 at 17:11:50
# Updated 07/01/2015 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Semerak - PRACOVNA2
# Running from : C:\Users\Semerak\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****

Task Deleted : update-sys
Task Deleted : update-S-1-5-21-3730243165-907656754-2530024790-1000

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\powerpack
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 cs)


*************************

AdwCleaner[R0].txt - [1071 octets] - [13/01/2015 17:10:37]
AdwCleaner[S0].txt - [934 octets] - [13/01/2015 17:11:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [993 octets] ##########

[altrok]

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[Fjup]

V příloze jsou oba soubory v ZIPu, níže plain FRST.txt.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Semerak (administrator) on PRACOVNA2 on 13-01-2015 18:08:17
Running from C:\Users\Semerak\Desktop
Loaded Profile: Semerak (Available profiles: Semerak)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Oki Data Corporation) C:\Windows\System32\spool\drivers\x64\3\OPHDLDCS.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Almico Software (http://www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(forum.viry.cz) C:\Users\Semerak\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [55664 2014-09-09] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-10-24] (TrueCrypt Foundation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [LightShot] => C:\Users\Semerak\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [420208 2014-09-09] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
Startup: C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan – zástupce.lnk
ShortcutTarget: speedfan – zástupce.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (http://www.almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF ProfilePath: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default
FF Homepage: hxxp://www.novinky.cz/
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-11-01]
FF Extension: Classic Theme Restorer - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\elemhidehelper@adblockplus.org.xpi [2011-11-01]
FF Extension: Tab Utilities - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\tabutils@ithinc.cn.xpi [2011-11-01]
FF Extension: Adblock Plus - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-23]
FF Extension: Greasemonkey - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-20]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-26] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-26] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [20480 2011-10-23] (Oki Data Corporation) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-12] (DT Soft Ltd)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:08 - 2015-01-13 18:08 - 00012146 _____ () C:\Users\Semerak\Desktop\FRST.txt
2015-01-13 18:07 - 2015-01-13 18:08 - 00000000 ____D () C:\FRST
2015-01-13 18:04 - 2015-01-12 08:42 - 00112640 _____ (forum.viry.cz) C:\Users\Semerak\Desktop\FRSTLauncher.exe
2015-01-13 18:04 - 2015-01-12 08:38 - 02124288 _____ (Farbar) C:\Users\Semerak\Desktop\FRST64.exe
2015-01-13 17:10 - 2015-01-13 17:11 - 00000000 ____D () C:\AdwCleaner
2015-01-13 17:09 - 2015-01-12 07:54 - 02191360 _____ () C:\Users\Semerak\Desktop\adwcleaner_4.107.exe
2015-01-13 13:45 - 2015-01-13 13:45 - 00038440 _____ () C:\Users\Semerak\Desktop\info.txt
2015-01-13 13:36 - 2015-01-12 03:59 - 01222144 _____ () C:\Users\Semerak\Desktop\RSITx64.exe
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\rsit
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\trend micro
2015-01-12 21:26 - 2015-01-12 21:26 - 00000000 ____D () C:\Users\Semerak\Documents\Nová složka (4)
2015-01-12 21:19 - 2015-01-12 21:19 - 00001103 _____ () C:\Users\Semerak\Desktop\Mapa Maršov a Libňatov 2012.pdf – zástupce.lnk
2015-01-12 21:09 - 2015-01-12 21:09 - 00001121 _____ () C:\Users\Semerak\Desktop\Vyhláška 441-2013 Sb ocenění .pdf – zástupce.lnk
2015-01-12 20:36 - 2015-01-12 21:27 - 00000000 ____D () C:\Users\Semerak\Documents\PODKLADY sro,sdr
2015-01-10 09:24 - 2015-01-10 09:24 - 00353186 _____ () C:\Users\Semerak\Downloads\export.xls
2015-01-09 20:27 - 2015-01-09 20:27 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-04 15:43 - 2015-01-04 15:43 - 03290112 ____N () C:\Users\Semerak\Desktop\Doktorské.pps
2015-01-02 18:50 - 2015-01-02 18:51 - 00001391 _____ () C:\Users\Semerak\Desktop\2015 Faktury a výkaz OZE .xlsx – zástupce.lnk
2014-12-18 10:21 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 13:19 - 2014-12-17 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-12-14 15:36 - 2014-12-14 15:36 - 03540144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-14 05:53 - 2014-12-14 05:53 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-14 05:33 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 05:33 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:04 - 2011-10-23 17:41 - 01177112 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 17:35 - 2013-05-22 07:56 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 17:19 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 17:19 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 17:14 - 2014-01-25 13:05 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-13 17:14 - 2014-01-25 13:05 - 00001013 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-13 17:14 - 2011-11-12 23:11 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-13 17:13 - 2014-07-10 19:16 - 00004190 _____ () C:\Windows\setupact.log
2015-01-13 17:13 - 2013-05-22 07:56 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 17:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 17:12 - 2014-07-26 19:00 - 00010656 _____ () C:\Windows\PFRO.log
2015-01-13 17:09 - 2013-05-28 07:16 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 17:09 - 2011-12-13 06:33 - 00000000 ____D () C:\Users\Semerak\Documents\AA Outlook upraveno
2015-01-13 16:13 - 2014-02-10 10:53 - 00000000 ____D () C:\Users\Semerak\Documents\Faktury sro 2014
2015-01-13 15:55 - 2011-11-13 12:40 - 00000000 ____D () C:\Users\Semerak\Documents\Soubory aplikace Outlook
2015-01-13 14:21 - 2011-11-13 13:01 - 00000000 ____D () C:\Users\Semerak\Documents\Jirka
2015-01-13 10:56 - 2011-10-23 17:49 - 00000000 ____D () C:\Users\Semerak
2015-01-13 09:51 - 2011-10-23 15:58 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-12 21:38 - 2011-11-13 13:02 - 00000000 ____D () C:\Users\Semerak\Documents\Vánoční stromky
2015-01-12 21:37 - 2011-12-23 05:43 - 00000000 ____D () C:\Users\Semerak\Documents\Staženo zábava
2015-01-12 21:37 - 2011-11-13 13:01 - 00000000 ____D () C:\Users\Semerak\Documents\Osobní
2015-01-12 21:30 - 2011-11-13 13:01 - 00000000 ____D () C:\Users\Semerak\Documents\Iva
2015-01-12 21:26 - 2013-04-11 10:07 - 00000000 ____D () C:\Users\Semerak\Documents\sro návody
2015-01-12 21:25 - 2011-11-13 13:01 - 00000000 ____D () C:\Users\Semerak\Documents\Návody
2015-01-12 21:22 - 2011-11-13 10:02 - 00000000 ___RD () C:\Users\Semerak\Fotky pracovní
2015-01-12 21:20 - 2011-11-13 13:01 - 00000000 ____D () C:\Users\Semerak\Documents\Libňatov
2015-01-12 21:19 - 2011-11-13 13:01 - 00000000 ____D () C:\Users\Semerak\Documents\Maršov
2015-01-12 21:13 - 2011-11-13 13:00 - 00000000 ____D () C:\Users\Semerak\Documents\Dotace
2015-01-12 21:11 - 2012-01-20 07:23 - 00001069 _____ () C:\Users\Semerak\Desktop\TISK – zástupce.lnk
2015-01-12 21:09 - 2011-11-13 13:02 - 00000000 ____D () C:\Users\Semerak\Documents\zákony
2015-01-12 20:54 - 2014-07-12 08:08 - 00001573 _____ () C:\Users\Semerak\Desktop\Osnovy Maršov odd 115.pdf – zástupce.lnk
2015-01-12 20:53 - 2011-11-13 13:02 - 00000000 ____D () C:\Users\Semerak\Documents\Reklamace a pojistky
2015-01-12 20:51 - 2012-01-20 07:19 - 00000000 ____D () C:\Users\Semerak\Documents\AA TISK
2015-01-12 20:51 - 2011-11-13 13:02 - 00000000 ____D () C:\Users\Semerak\Documents\zeleň
2015-01-12 20:35 - 2011-11-13 13:02 - 00000000 ____D () C:\Users\Semerak\Documents\sro doklady
2015-01-09 20:29 - 2011-04-12 09:34 - 00672136 _____ () C:\Windows\system32\perfh005.dat
2015-01-09 20:29 - 2011-04-12 09:34 - 00142732 _____ () C:\Windows\system32\perfc005.dat
2015-01-09 20:29 - 2009-07-14 06:13 - 01593214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 14:07 - 2011-11-13 13:02 - 00000000 ____D () C:\Users\Semerak\Documents\sdružení evidence
2014-12-21 20:11 - 2011-11-13 13:02 - 00000000 ____D () C:\Users\Semerak\Documents\vzory
2014-12-20 09:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-17 13:19 - 2013-02-01 09:58 - 00000425 _____ () C:\Users\Semerak\AppData\Local\UserProducts.xml
2014-12-17 04:49 - 2013-01-09 16:33 - 00000000 ____D () C:\Users\Semerak\Documents\Faktury sro 2013
2014-12-15 05:22 - 2014-10-30 07:43 - 00001402 _____ () C:\Users\Semerak\Desktop\TG-3 Návod k použití.lnk
2014-12-14 15:36 - 2013-05-28 07:16 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-14 15:36 - 2012-04-12 05:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-14 15:36 - 2011-10-23 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-14 09:44 - 2014-08-26 10:07 - 00000000 ____D () C:\Users\Semerak\AppData\Local\Adobe
2014-12-14 05:53 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-14 05:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 05:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-14 05:38 - 2011-11-12 23:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-14 05:37 - 2013-08-05 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 05:35 - 2011-11-01 19:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-14 05:27 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-14 05:26 - 2012-05-02 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-14 00:23 - 2014-05-01 14:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-14 00:22 - 2014-05-01 14:29 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-14 00:22 - 2014-05-01 14:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-14 00:22 - 2014-05-01 14:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-14 00:21 - 2014-05-01 14:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-14 00:21 - 2013-04-17 15:57 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\Semerak\AppData\Local\Temp\233332692.exe
C:\Users\Semerak\AppData\Local\Temp\KMP_3.9.0.125.exe
C:\Users\Semerak\AppData\Local\Temp\KMP_3.9.0.127.exe
C:\Users\Semerak\AppData\Local\Temp\Quarantine.exe
C:\Users\Semerak\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Semerak\AppData\Local\Temp\sfareca00001.dll
C:\Users\Semerak\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 00:01




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Systémový a pracovní disk) (Fixed) (Total:300 GB) (Free:207.38 GB) NTFS
Drive d: (Data) (Fixed) (Total:631.41 GB) (Free:567.87 GB) NTFS
Drive f: () (Removable) (Total:14.83 GB) (Free:13.13 GB) FAT32

Available physical RAM: 7001.12 MB
Total physical RAM: 8103.21 MB
Percentage of memory in use: 13%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: C099E35C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=631.4 GB) - (Type=OF Extended)
Disk: 2 (Size: 14.8 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Semerak\Desktop" je 905 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C
C:\sj652\hpupdate.exe 3400C [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium
"C:\Program Files (x86)\QIP 2012\qip.exe" /autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU
"C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf
C:\PROGRA~2\GAMING~1\MouseElf.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu
"C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut
"C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut
"C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut
"C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^V��ezy obrazovky a spu�t�n� aplikace OneNote 2010.lnk
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE /tsr [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[altrok]

Velikost plochy by nemela presahovat 200 MB. Snizuje se pak start i samotny chod celeho PC.

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
  HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
  FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
  FF Plugin: @microsoft.com/GENUINE -> disabled No File
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
  2015-01-13 18:08 - 2015-01-13 18:08 - 00012146 _____ () C:\Users\Semerak\Desktop\FRST.txt
  2015-01-13 18:04 - 2015-01-12 08:42 - 00112640 _____ (forum.viry.cz) C:\Users\Semerak\Desktop\FRSTLauncher.exe
  2015-01-13 17:10 - 2015-01-13 17:11 - 00000000 ____D () C:\AdwCleaner
  2015-01-13 17:09 - 2015-01-12 07:54 - 02191360 _____ () C:\Users\Semerak\Desktop\adwcleaner_4.107.exe
  2015-01-13 13:45 - 2015-01-13 13:45 - 00038440 _____ () C:\Users\Semerak\Desktop\info.txt
  2015-01-13 13:36 - 2015-01-12 03:59 - 01222144 _____ () C:\Users\Semerak\Desktop\RSITx64.exe
  2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\rsit
  2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\trend micro
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut" /f
  
  Task: {5CFD5C3C-CB9B-4740-A757-BE8B9DD1EB40} - System32\Tasks\{15B5C25E-37DA-4160-B15A-D7E94B8A49AA} => pcalua.exe -a C:\Users\Semerak\Desktop\fotos.exe -d C:\Users\Semerak\Desktop
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Hosts:
  EmptyTemp:
  End
  

[Fjup]

Když mi přeposílali mailem log, rozsypala se diakritika, tak snad to nebude ničemu vadit... Případně dodám nový log.
Jinak s tou plochou jim to vtloukám dohlavy pořád dokola, leč neúspěšně .

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
Ran by Semerak at 2015-01-13 22:05:33 Run:1
Running from C:\Users\Semerak\Desktop
Loaded Profile: Semerak (Available profiles: Semerak)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2015-01-13 18:08 - 2015-01-13 18:08 - 00012146 _____ () C:\Users\Semerak\Desktop\FRST.txt
2015-01-13 18:04 - 2015-01-12 08:42 - 00112640 _____ (forum.viry.cz) C:\Users\Semerak\Desktop\FRSTLauncher.exe
2015-01-13 17:10 - 2015-01-13 17:11 - 00000000 ____D () C:\AdwCleaner
2015-01-13 17:09 - 2015-01-12 07:54 - 02191360 _____ () C:\Users\Semerak\Desktop\adwcleaner_4.107.exe
2015-01-13 13:45 - 2015-01-13 13:45 - 00038440 _____ () C:\Users\Semerak\Desktop\info.txt
2015-01-13 13:36 - 2015-01-12 03:59 - 01222144 _____ () C:\Users\Semerak\Desktop\RSITx64.exe
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\rsit
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\trend micro
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut" /f

Task: {5CFD5C3C-CB9B-4740-A757-BE8B9DD1EB40} - System32\Tasks\{15B5C25E-37DA-4160-B15A-D7E94B8A49AA} => pcalua.exe -a C:\Users\Semerak\Desktop\fotos.exe -d C:\Users\Semerak\Desktop
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End

*****************

Processes closed successfully.
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
"HKU\S-1-5-21-3730243165-907656754-2530024790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3d0097-0dd5-11e1-ab27-f46d047b04f6}" => Key deleted successfully.
HKCR\CLSID\{6e3d0097-0dd5-11e1-ab27-f46d047b04f6} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Semerak\Desktop\FRST.txt => Moved successfully.
C:\Users\Semerak\Desktop\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Semerak\Desktop\adwcleaner_4.107.exe => Moved successfully.
C:\Users\Semerak\Desktop\info.txt => Moved successfully.
C:\Users\Semerak\Desktop\RSITx64.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CFD5C3C-CB9B-4740-A757-BE8B9DD1EB40}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CFD5C3C-CB9B-4740-A757-BE8B9DD1EB40}" => Key deleted successfully.
C:\Windows\System32\Tasks\{15B5C25E-37DA-4160-B15A-D7E94B8A49AA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{15B5C25E-37DA-4160-B15A-D7E94B8A49AA}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:05:57 ====

[altrok]

To je v poradku - diakritika.

Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[Fjup]

No nyní již je minimální šance že je v PC nějaká havěť z mailu, která by mohla uškodit? Jen jestli mohu vzkázat, ať PC s klidným svědomím připojí k internetu, případně co v příštích dnech sledovat (a neotvírat podezřelé přílohy samozřejmě ).

Každopádně děkuji za bezchybnou pomoc, ochotu a bleskurychlé reakce

[altrok]

Ona v PC havet z prilohy ani aktivni nebyla (studuju ji ted nekolik hodin a chova se presne jak jsem napsal v prvni reakci... pokud neco nestihla stahnout, tak je po restartu neaktivni... dalsi moznosti je, ze jen sesbirala data o systemu (stare verze doplnku, nezaplatovany system atd.), aby se mohlo lepe cilene utocit). Promazaly jsme tempy, kam se namnozila, cili ted je PC cisty. K internetu se pripojit muzete. Za par dni muzete pustit na kontrolu MBAM nebo vlozit log do sekce Preventivky s odkazem na tento topic a koukneme na to

Každopádně děkuji za bezchybnou pomoc, ochotu a bleskurychlé reakce

je zkouskove, takze idealni cas na pomoc navstevnikum tohoto fora

Nemate zac

[Fjup]

Dobrá, ještě jednou děkuji a ať jde učení od ruky

P.S.: Teď už fakt musím finančně podpořit běh fóra

[altrok]

Dekuji za prani a jmenem celeho tymu za podporu fora


Mejte se krasne a treba zase nekdy