Page 1 of 3

locked PC - police - ransom

Posted: 14 Feb 2015 13:38
by hp184
Hello. A message appeared on my PC: PC blocked - police - pay a fine. I switched the PC off, on restarting it booted into Safe Mode and scanned with Norton, which found nothing. The internet connection does not work for me even in Safe Mode. So I am writing from another PC and asking for help.

Re: locked PC - police - ransom

Posted: 14 Feb 2015 14:19
by vyosek
Hello :)

:arrow: Make a log according to this guide http://forum.viry.cz/viewtopic.php?f=24&t=130783

Re: locked PC - police - ransom

Posted: 14 Feb 2015 14:34
by hp184
I will do that and get back to you.

Re: locked PC - police - ransom

Posted: 14 Feb 2015 15:45
by hp184
here is the log output:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by Administrator (administrator) on OP on 14-02-2015 15:39:22
Running from F:\
Loaded Profiles: Administrator (Available profiles: Pavel & Mirka & Anička & NeroMediaHomeUser.4 & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AMBDef] => C:\WINDOWS\AMBDef.exe [53248 2008-01-24] (Creative Technology Ltd.)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Nero MediaHome 4] => C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
URLSearchHook: [S-1-5-21-790525478-1417001333-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 0534727796
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0535043984
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-17]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-14]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Torch\Plugins\TorchPlugin.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-10] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-29] (Nero AG)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2013-02-10] (Creative Labs) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
R3 ASAPIW2k; C:\WINDOWS\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH) [File not signed]
S1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx86.sys [1164504 2015-02-03] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 cdrblock; C:\WINDOWS\System32\DRIVERS\cdrblock.sys [27704 2008-05-30] (Canopus Co,. Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-14] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 IDSxpx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150213.001\IDSxpx86.sys [475792 2015-02-06] (Symantec Corporation)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2005-06-03] (MCCI)
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2005-06-03] (MCCI)
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2005-06-03] (MCCI)
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2005-06-03] (MCCI)
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2005-06-03] (MCCI)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150213.019\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150213.019\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458112 2007-10-29] (PixArt Imaging Inc.)
S3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
S1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-11-16] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SYMTDI.SYS [423256 2014-02-18] (Symantec Corporation)
S3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1617408 2009-11-25] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 15:38 - 2015-02-14 15:39 - 00000000 ____D () C:\FRST
2015-02-14 12:50 - 2015-02-14 12:50 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2015-02-14 12:47 - 2015-02-14 12:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Adobe
2015-02-14 12:46 - 2015-02-14 12:47 - 00001813 _____ () C:\Documents and Settings\Administrator\Plocha\Google Chrome.lnk
2015-02-14 12:46 - 2015-02-14 12:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Adobe
2015-02-14 12:42 - 2015-02-14 12:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
2015-02-14 12:42 - 2015-02-14 12:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Google
2015-02-14 12:20 - 2015-02-14 12:20 - 00005120 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 13:47 - 2015-02-12 13:47 - 00454656 _____ () C:\Documents and Settings\Pavel\Plocha\A150210_VEN_024_DANE_2014C.XLS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 15:39 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-02-14 15:37 - 2013-02-09 07:29 - 01121846 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-14 15:10 - 2014-01-31 11:51 - 00000000 ____D () C:\Documents and Settings\NeroMediaHomeUser.4\Local Settings\Temp
2015-02-14 15:09 - 2013-05-19 12:48 - 00000275 _____ () C:\WINDOWS\wiadebug.log
2015-02-14 15:09 - 2013-05-19 12:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-14 15:09 - 2013-02-09 14:50 - 00032514 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-14 15:09 - 2013-02-09 14:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 15:09 - 2013-02-09 14:46 - 01278720 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 15:06 - 2014-04-29 10:14 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-14 12:50 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-02-14 12:49 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Oblíbené položky
2015-02-14 12:47 - 2014-04-29 10:14 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2015-02-14 12:46 - 2014-04-29 10:14 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2015-02-14 12:46 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2015-02-14 12:42 - 2013-10-29 20:02 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-14 12:19 - 2013-05-16 09:52 - 00920671 _____ () C:\WINDOWS\setupapi.log
2015-02-14 11:48 - 2013-02-09 14:55 - 00000272 ___SH () C:\Documents and Settings\Pavel\ntuser.ini
2015-02-14 11:45 - 2013-02-09 14:55 - 00000000 ____D () C:\Documents and Settings\Pavel\Local Settings\Temp
2015-02-14 11:44 - 2013-02-13 07:34 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 11:20 - 2013-06-21 16:27 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-14 11:11 - 2013-02-09 14:55 - 00000000 ____D () C:\Documents and Settings\Pavel\Plocha
2015-02-14 10:07 - 2014-03-28 09:33 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-14 10:07 - 2013-02-13 07:34 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 10:05 - 2006-03-02 13:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-12 15:04 - 2013-08-14 08:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 14:56 - 2013-02-12 02:06 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 14:55 - 2013-02-09 14:55 - 00000000 ____D () C:\Documents and Settings\Pavel
2015-02-12 13:57 - 2013-02-14 20:51 - 00002561 _____ () C:\Documents and Settings\Pavel\Plocha\Microsoft Office Word 2003.lnk
2015-02-10 22:14 - 2014-02-10 22:43 - 00000000 ____D () C:\Documents and Settings\Pavel\Plocha\Mirka
2015-02-09 00:44 - 2013-02-09 14:55 - 00000000 ___HD () C:\Documents and Settings\Pavel\Local Settings\Data aplikací
2015-02-08 15:05 - 2014-03-28 09:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-07 02:46 - 2013-02-13 08:12 - 00000178 ___SH () C:\Documents and Settings\Anička\ntuser.ini
2015-02-07 02:46 - 2013-02-13 08:12 - 00000000 ____D () C:\Documents and Settings\Anička
2015-02-06 19:58 - 2013-02-13 08:12 - 00000000 ____D () C:\Documents and Settings\Anička\Local Settings\Temp
2015-02-06 16:01 - 2013-04-25 15:56 - 00000000 ____D () C:\Documents and Settings\Anička\Local Settings\Data aplikací\Conduit
2015-02-06 16:01 - 2013-02-13 08:12 - 00000000 __RHD () C:\Documents and Settings\Anička\Data aplikací
2015-02-05 19:08 - 2013-04-23 13:20 - 00000000 ____D () C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Conduit
2015-02-05 18:20 - 2013-02-13 07:26 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 18:20 - 2013-02-13 07:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-28 19:54 - 2013-02-13 08:12 - 00000000 ____D () C:\Documents and Settings\Anička\Plocha

==================== Files in the root of some directories =======

2015-02-14 12:20 - 2015-02-14 12:20 - 0005120 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Pavel\WindowsXP-KB936929-SP3-x86-CSY.exe


Some content of TEMP:
====================
C:\Documents and Settings\Pavel\Local Settings\Temp\AUMgr.exe
C:\Documents and Settings\Pavel\Local Settings\Temp\GLF78.tmp.tbMovi.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\installhelper.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\NEW9A.tmp.exe
C:\Documents and Settings\Pavel\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Pavel\Local Settings\Temp\SRAssetsHelper.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\tbMov0.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\Welcome.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Re: locked PC - police - ransom

Posted: 14 Feb 2015 16:56
by vyosek
The log looks clean; try starting the PC in normal mode and see whether it is blocked
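The "log looks clean" verdict above comes from reading the FRST Run, service and driver sections by hand. As an added example (not part of the thread and not FRST's own code), here is a small Python triage pass over lines in that format. The sample lines are constructed in the shape of the log above: most are copied from it, while the "Updater" Run entry and the search-scope URL (host search.example.net) are invented for the example. The heuristics (Run values under service-account SIDs, orphaned `[X]` values, unsigned service binaries, autorun targets in user-writable directories, FRST's own ATTENTION marker) are this example's review prompts, not verdicts: old OEM binaries such as the Canon and Creative services in the log above are routinely unsigned on XP-era machines.

```python
"""Triage pass over FRST-style autorun, service and driver lines.

Added example for this thread; not part of the forum post and not FRST's
own code. The heuristics are this example's own review prompts.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample in the shape of the posted log. The "Updater" Run entry
# and the search-scope URL are invented; the other lines are copied from it.
SAMPLE_LOG = r"""
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-790525478-1417001333-839522115-500\...\Run: [Updater] => C:\Documents and Settings\Pavel\Local Settings\Temp\updater.exe [61440 2015-02-14] ()
URLSearchHook: [S-1-5-21-790525478-1417001333-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://search.example.net/sr?q={searchTerms}
S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S4 IntelIde; No ImagePath
"""

RUN_RE = re.compile(
    r'^(?:HKLM|HKU\\(?P<sid>S-1-5-[\d-]+))\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*)$')
SVC_RE = re.compile(r'^[RSU]\d (?P<name>[^;]+); (?P<rest>.*)$')
SEARCH_RE = re.compile(r'^SearchScopes: .* URL = (?P<url>\S+)$')

# Well-known SIDs of SYSTEM, LOCAL SERVICE and NETWORK SERVICE: a Run value
# under these hives is unusual for ordinary desktop software.
SERVICE_ACCOUNT_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}
# Directories an unprivileged user can write to (lower-cased substrings).
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\appdata\\", "\\users\\")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def check_run(m) -> list:
    """Heuristics for a Run-key line."""
    name, target, sid = m.group("name"), m.group("target").strip(), m.group("sid")
    reasons = []
    if target == "[X]":
        reasons.append("orphaned Run value (target file missing)")
    if not name:
        reasons.append("Run value with an empty name")
    if sid in SERVICE_ACCOUNT_SIDS:
        reasons.append(f"Run key of service account {sid}")
    if any(p in target.lower() for p in USER_WRITABLE):
        reasons.append("autorun target in a user-writable directory")
    if target.endswith("()"):   # FRST prints "()" when the file carries no company name
        reasons.append("no publisher recorded for the autorun target")
    return reasons


def check_service(m) -> list:
    """Heuristics for a service or driver line."""
    rest = m.group("rest").strip()
    reasons = []
    if "[File not signed]" in rest:
        reasons.append("service/driver binary is not signed")
    if rest.endswith("[X]"):
        reasons.append("service/driver image file is missing")
    if rest == "No ImagePath":
        reasons.append("service/driver has no ImagePath")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if "ATTENTION ==>" in line:          # FRST's own marker for broken defaults
            reasons.append("entry flagged by FRST (ATTENTION)")
        if (m := RUN_RE.match(line)):
            reasons += check_run(m)
        if (m := SVC_RE.match(line)):
            reasons += check_service(m)
        if (m := SEARCH_RE.match(line)):
            host = urlparse(m.group("url")).hostname
            reasons.append(f"default search scope points at {host}")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the sample, the pass leaves the QuickTime and Norton lines alone and reports the rest; every flagged line still needs a human to decide whether the binary is a known vendor's or something dropped into the profile.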

Re: locked PC - police - ransom

Posted: 14 Feb 2015 17:14
by hp184
Strange. It is not blocked. How is that possible? I am now writing directly from the problem PC. In Safe Mode it was not possible to get onto the web. When I tried to open a website a message appeared that something on the PC had changed the browser settings and that the pages were unavailable - any pages - I tried various ones. So now I have no idea what is going on. A virus??

Re: locked PC - police - ransom

Posted: 14 Feb 2015 17:24
by vyosek
:arrow: There are many variants; some only load themselves into temporary files and hope to surprise the user into paying straight away

Re: locked PC - police - ransom

Posted: 14 Feb 2015 17:26
by vyosek
Run MBAM according to my colleague's guide
cernohous13 wrote::arrow: Download and install MBAM from here http://www.bleepingcomputer.com/downloa ... re/dl/241/ version 1.75
During installation it will first offer to install a new version - click Cancel - only the database will be updated
After installation: Run -> on the 1st tab "Scanner" -> Full scan -> Scan
when the scan finishes a Notepad window with the result will pop up - copy its contents into your reply
do not delete anything yet - wait for the assessment and do not close the program

Re: locked PC - police - ransom

Posted: 14 Feb 2015 17:39
by hp184
I would like to remove any possible "leftovers". Shouldn't I run CCleaner and perhaps send the output? Isn't it possible that I now have something on the PC that does not block the PC or web access but watches what I do, or that my PC is part of a botnet? And what about that message that something changed the browser settings - isn't that something still on the PC?

Re: locked PC - police - ransom

Posted: 14 Feb 2015 17:40
by hp184
Yes, I will run MBAM and get back to you.

Re: locked PC - police - ransom

Posted: 14 Feb 2015 17:42
by vyosek
We'll wait for MBAM and see...

Re: locked PC - police - ransom

Posted: 14 Feb 2015 18:07
by hp184
Two objects found so far. It is still scanning. I will get back to you afterwards.

Re: locked PC - police - ransom

Posted: 14 Feb 2015 18:23
by vyosek
OK...

Re: locked PC - police - ransom

Posted: 15 Feb 2015 01:11
by hp184
Here it is. Unfortunately the scan took 7 hours.


Malwarebytes Anti-Malware (Trial version of Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Version: v2015.02.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pavel :: OP [administrator]

Protection: Enabled

14.2.2015 17:59:57
MBAM-log-2015-02-15 (01-08-37).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 587912
Time elapsed: 7 hours, 10 minutes, 35 seconds

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof (PUP.Optional.Delta.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\Pavel\AppData\LocalLow\DataMngr (PUP.Optional.Datamngr.A) -> No action taken.
C:\Documents and Settings\Pavel\Data aplikací\searchresultstb (PUP.Optional.SearchResultsToolbar.A) -> No action taken.

Files Detected: 6
C:\Documents and Settings\Pavel\Dokumenty\Downloads\Movier-Installer.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Pavel\Dokumenty\Downloads\Movier-Installer (1).exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Pavel\Local Settings\Temp\NeroInstallFiles\NERO20131202115311600\ISSetupPrerequisites\opencandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Adobe1\keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{0D46959D-058B-4BAB-B75D-20207AFB4FFA}\RP544\A0056257.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\Pavel\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED} (PUP.Optional.Datamngr.A) -> No action taken.

(end)

Re: locked PC - police - ransom

Posted: 15 Feb 2015 06:28
by vyosek
:arrow: delete all of the MBAM findings

:arrow: then run FRST according to this http://forum.viry.cz/viewtopic.php?f=30&t=133101
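The instruction above is to delete everything MBAM found. As an added example (not from the thread and not Malwarebytes' code), here is a Python pass over a log in the MBAM 1.75 format that checks each section's declared count against the lines actually pasted (a truncated copy shows up immediately), tallies detections by family, and picks out the kinds of finding that quarantining alone does not settle: the copy sitting inside a System Restore point, the RiskWare keygen, and the machine-wide Chrome extension registration under HKLM. The sample is a constructed excerpt of the log above with English labels, and the follow-up rules are this example's own.

```python
"""Parse a Malwarebytes Anti-Malware 1.75 scan log and sort the findings.

Added example for this thread; not part of the forum post and not
Malwarebytes' code. The follow-up rules are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the format of the MBAM log posted above.
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof (PUP.Optional.Delta.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Pavel\Data aplikací\searchresultstb (PUP.Optional.SearchResultsToolbar.A) -> No action taken.

Files Detected: 4
C:\Documents and Settings\Pavel\Dokumenty\Downloads\Movier-Installer (1).exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Adobe1\keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{0D46959D-058B-4BAB-B75D-20207AFB4FFA}\RP544\A0056257.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\Pavel\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED} (PUP.Optional.Datamngr.A) -> No action taken.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<family>) -> <action>"; the lazy target copes with "(1)" in file names.
HIT_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
# Machine-wide "external extension" registrations Chrome reads from the registry.
CHROME_EXT_PREFIX = "hklm\\software\\google\\chrome\\extensions\\"


@dataclass
class Hit:
    section: str
    target: str
    family: str
    action: str


def parse_mbam(text: str) -> list:
    """Return the detections in the order MBAM listed them."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("section")
            continue
        if section and (m := HIT_RE.match(line)):
            hits.append(Hit(section, m["target"], m["family"], m["action"]))
    return hits


def count_mismatches(text: str) -> dict:
    """Sections whose declared count differs from the lines actually present."""
    declared, seen, section = {}, Counter(), None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("section")
            declared[section] = int(m.group("count"))
        elif section and HIT_RE.match(line):
            seen[section] += 1
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


def by_family(hits: list) -> Counter:
    return Counter(h.family for h in hits)


def follow_up(hit: Hit):
    """Example's own rules for findings that quarantining alone does not settle."""
    if RESTORE_POINT_RE.search(hit.target):
        return "sits in a System Restore point: purge old restore points after cleanup, or a restore brings it back"
    if hit.family.startswith("RiskWare."):
        return "RiskWare, not adware: an executable of unknown provenance; treat as untrusted"
    if hit.target.lower().startswith(CHROME_EXT_PREFIX):
        return "machine-wide Chrome extension registration: removing the key stops Chrome from re-adding the extension"
    return None


def needs_follow_up(hits: list) -> list:
    return [(h, follow_up(h)) for h in hits if follow_up(h)]


if __name__ == "__main__":
    hits = parse_mbam(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(SAMPLE_LOG) or "none")
    for fam, n in by_family(hits).most_common():
        print(f"{n:2d}  {fam}")
    for h, why in needs_follow_up(hits):
        print(f"* {h.target}\n    {why}")
```

The action column is "No action taken." on every line because the poster was told not to delete anything before the assessment; a log produced after the cleanup run would show the quarantine result there instead, and the same parser can compare the two.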