VIRY.CZ

Pozdravujem,
dnes za mnou prišla kolegyňa v štýle: ahoj mám na domácom PC problém, otvorila som nejaký e-mail, niečo sa stalo a za ten deň čo sa to stávalo mi to postupne zablokovalo všetky dokumenty a známym to posiela vraj tiež zavírené maily

Má tam neskutočné množstvo dokumentov asi odhadom za 12 rokov práce, záloha samozrejme žiadna
všetky word, excel atď dokumenty dostali dlhý názov bez možnosti otvorenia...
sklamane som sa na ňu pozrel že skúsim, ale veľa možnosti nevidím tak sa otočila a myslím že mierny infarkt so slzami v očiach určite prežila

Win XP aj Office, používa Outlook xpress, AVG trial čiže už nefungoval :/ a už jej tam stihol švagor nainštalovať McAfee Security lebo si myslel že ak preverí PC všetko sa dá do normálu...

moja úvaha, predpokladám že je to nejaký starý vírus, je tam prosím nejaké riešenie ako sa k tým dokumentom dostať?
snáď viete o čo ide
ďakujem

toto píše v každej zložke

!!! IMPORTANT INFORMATION !!!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)
http://en.wikipedia.org/wiki/Advanced_E ... n_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:

Edit rudy: Odkazy smazány, blokuje antivir a je nebezpečí, že si někdo klikne a zaviruje si PC.

If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: i3ezlvkoi7fwyood.onion/7379621EB1DBBDEE
4. Follow the instructions on the site.

!!! Your personal identification ID: 7379621EB1DBBDEE !!!

a tu je log čo som sa dočítal že Vám pomôže

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2016-03-23 17:12:25
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 58 GB (77%) free of 76 GB
Total RAM: 255 MB (24% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job - C:\WINDOWS\TEMP\{944388ED-FAB2-4C8C-9A55-D4AC16FC8EF2}.exe --uninstall=1
C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job - C:\WINDOWS\TEMP\{2BE050C3-A40D-4D64-A11E-4A89651A9521}.exe --uninstall=1
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004Core.job - C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004UA.job - C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2222, avg@toolbar:15.2.0.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.0.248

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]
SliderShowCtrl Class - C:\Program Files\LuckyTender\1.3.1\LuckyTender.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\19.3.0.491\AVG Secure Search_toolbar.dll [2016-03-16 3775560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - I.R.I.S. Desktop Search - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [2006-01-11 1385768]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\19.3.0.491\AVG Secure Search_toolbar.dll [2016-03-16 3775560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-27 73728]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HPPQVideo"=C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [2007-05-07 106496]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-08-01 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2008-08-04 36864]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2016-03-16 2662472]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AVG_UI"=C:\Program Files\AVG\Av\avuirunnerx.exe [2016-03-02 25512]
"AvgUi"=C:\Program Files\AVG\Framework\Common\avguirnx.exe [2016-02-18 179624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
"I.R.I.S. Desktop Search"=C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe [2006-01-11 5193512]
"ChromeFrameHelper"=C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome Frame\Application\32.0.1700.107\chrome_frame_helper.exe [2014-02-02 83784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG2014\avgmfapx.exe"="C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\AVG\AVG2015\avgmfapx.exe"="C:\Program Files\AVG\AVG2015\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\Av\avgmfapx.exe"="C:\Program Files\AVG\Av\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"
"C:\Program Files\AVG\Av\avgnsx.exe"="C:\Program Files\AVG\Av\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\Av\avgdiagex.exe"="C:\Program Files\AVG\Av\avgdiagex.exe:*:Enabled:AVG Diagnostics"
"C:\Program Files\AVG\Av\avgemcx.exe"="C:\Program Files\AVG\Av\avgemcx.exe:*:Enabled:Personal Email Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2016-03-23 17:12:29 ----D---- C:\Program Files\trend micro
2016-03-23 17:12:25 ----D---- C:\rsit
2016-03-16 13:26:00 ----A---- C:\_Locky_recover_instructions.txt

======List of files/folders modified in the last 1 month======

2016-03-23 17:12:29 ----RD---- C:\Program Files
2016-03-23 17:11:47 ----D---- C:\WINDOWS\Prefetch
2016-03-23 17:11:34 ----D---- C:\WINDOWS\system32\CatRoot2
2016-03-23 16:37:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-03-23 16:12:23 ----D---- C:\WINDOWS\Temp
2016-03-23 15:53:42 ----HD---- C:\WINDOWS\inf
2016-03-23 07:57:09 ----SHD---- C:\WINDOWS\Installer
2016-03-23 07:55:11 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2016-03-21 18:37:44 ----A---- C:\WINDOWS\wincmd.ini
2016-03-21 07:30:26 ----D---- C:\WINDOWS
2016-03-17 11:48:26 ----D---- C:\WINDOWS\system32\drivers
2016-03-16 13:31:49 ----D---- C:\ac2a3a1d92a8bf7f22b9f9001d
2016-03-16 07:02:12 ----D---- C:\WINDOWS\system32\cache
2016-03-16 07:01:57 ----D---- C:\Program Files\AVG Secure Search
2016-03-14 07:21:49 ----D---- C:\WINDOWS\system32
2016-03-14 07:21:43 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-10 03:16:25 ----D---- C:\WINDOWS\system32\MRT
2016-03-10 03:03:51 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2016-01-26 207792]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2016-02-03 297904]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2016-03-02 205744]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2015-12-04 37296]
R0 Avgunivx;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avgunivx.sys [2016-01-08 23472]
R1 Avgdiskx;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiskx.sys [2015-11-06 149936]
R1 AVGIDSDriverl;AVGIDSDriverl; C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys [2016-01-26 244656]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2015-11-20 31664]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgsvc;AVG Service; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [2016-02-18 865704]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\Av\avgwdsvcx.exe [2016-03-02 561104]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 vToolbarUpdater19.3.0;vToolbarUpdater19.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe [2016-03-16 1888328]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [2016-03-02 3934184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14 269504]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-15 147624]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

ĎAKUJEM

Zdravím!
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

ďakujem, logy nižšie

Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum kontroly: 23.3.2016
Čas kontroly: 19:33:02
Protokol: mam.txt
Správca: Áno

Verzia: 2.2.1.1043
Dazabáza malware: v2016.02.16.06
Databáza rootkitov: v2016.02.08.01
Licencia: Bezplatná verzia
Ochrana pred škodlivým softvérom: Vypnuté
Ochrana pred škodlivými webstránkami: Vypnuté
Vlastná ochrana: Vypnuté

OS: Windows XP Service Pack 3
CPU: x86
Súborový systém: NTFS
Používateľ: Peter

Typ kontroly: Kontrola hrozieb
Výsledok: Dokončená
Skontrolovaných objektov: 314497
Uplynulý čas: 1 hod, 37 min 41 s

Pamäť: Zapnuté
Pri spustení: Zapnuté
Súborový systém: Zapnuté
Archívy: Zapnuté
Rootkity: Vypnuté
Heuristika: Zapnuté
PUP: Zapnuté
PUM: Zapnuté

Procesy: 0
(Žiadne škodlivé položky neboli zistené)

Moduly: 0
(Žiadne škodlivé položky neboli zistené)

Kľúče databázy Registry: 12
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\CLSID\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}, , [580e5f020a8f76c042830f79867ceb15],
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\INTERFACE\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}, , [580e5f020a8f76c042830f79867ceb15],
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\CLSID\{5E2402A0-5F99-4188-B30D-D8743996B340}, , [6ef81d449efb3df914b2a3e5fa080df3],
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\TYPELIB\{96EDCF67-4637-4288-9A0D-4282EBF26D62}, , [6ef81d449efb3df914b2a3e5fa080df3],
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\INTERFACE\{13E3FF74-B861-4E69-B223-43D711686832}, , [6ef81d449efb3df914b2a3e5fa080df3],
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\INTERFACE\{DE85A67A-3F04-4ABA-A10B-A37B220AFB70}, , [6ef81d449efb3df914b2a3e5fa080df3],
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\SliderShow.SliderShowCtrl.1, , [6ef81d449efb3df914b2a3e5fa080df3],
Adware.LuckyTender, HKLM\SOFTWARE\CLASSES\SliderShow.SliderShowCtrl, , [6ef81d449efb3df914b2a3e5fa080df3],
Adware.LuckyTender, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5E2402A0-5F99-4188-B30D-D8743996B340}, , [6ef81d449efb3df914b2a3e5fa080df3],
Adware.LuckyTender, HKU\S-1-5-21-583907252-2052111302-682003330-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5E2402A0-5F99-4188-B30D-D8743996B340}, , [6ef81d449efb3df914b2a3e5fa080df3],
Rogue.WinAntiVirus, HKU\S-1-5-21-583907252-2052111302-682003330-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}, , [bfa7c69be4b5be7847c6c7c68f73f907],
Adware.LuckyTender, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LuckyTender, , [bda976eba4f576c0ba5c125793703cc4],

Hodnoty databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Údaj databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Priečinky: 2
Adware.LuckyTender, C:\Program Files\LUCKYTENDER, , [71f5e67beeab7fb7b57c209021e106fa],
Adware.LuckyTender, C:\Program Files\LUCKYTENDER\1.3.1, , [71f5e67beeab7fb7b57c209021e106fa],

Súbory: 0
(Žiadne škodlivé položky neboli zistené)

Fyzické sektory: 0
(Žiadne škodlivé položky neboli zistené)

(end)

Smažte všechny nalezené položky, restartujte a pak spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

páči sa

# AdwCleaner v5.105 - Logfile created 24/03/2016 at 00:30:53
# Updated 21/03/2016 by Xplode
# Database : 2016-03-20.7 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Peter - SPRAVKYNA
# Running from : C:\Documents and Settings\Peter\Desktop\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : AVG Security Toolbar Service
[-] Service Deleted : vToolbarUpdater19.3.0

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Documents and Settings\Peter\Application Data\AVG Secure Search
[-] Folder Deleted : C:\Documents and Settings\Peter\Application Data\Yahoo!\Companion
[-] Folder Deleted : C:\Documents and Settings\Peter\Local Settings\Application Data\AVG Secure Search
[-] Folder Deleted : C:\Documents and Settings\Peter\Local Settings\Application Data\AVG Security Toolbar
[-] Folder Deleted : C:\Program Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\AVG\AVG10\Toolbar
[-] Folder Deleted : C:\Program Files\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_HP_rmv
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\SearchAssistantOC.SearchAssistantOC
[-] Key Deleted : HKLM\SOFTWARE\Classes\SearchAssistantOC.SearchAssistantOC.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AVG Web TuneUp
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\DesktopSearch
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Secure
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Security Toolbar
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Data Restored : HKU\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default\prefs.js] [Preference] Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\18.0.0.248");
[-] [C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default\prefs.js] [Preference] Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[-] [C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[-] [C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [11089 bytes] - [24/03/2016 00:30:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [11987 bytes] - [24/03/2016 00:28:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11237 bytes] ##########

Dejte nový log RSIT.

nech sa páči, ďakujem

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2016-03-24 18:21:43
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 58 GB (76%) free of 76 GB
Total RAM: 255 MB (12% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004Core.job - C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004UA.job - C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2222, avg@toolbar:15.2.0.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - I.R.I.S. Desktop Search - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [2006-01-11 1385768]
{95B7759C-8C7F-4BF1-B163-73684A933233}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-27 73728]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HPPQVideo"=C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [2007-05-07 106496]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-08-01 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2008-08-04 36864]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AVG_UI"=C:\Program Files\AVG\Av\avuirunnerx.exe [2016-03-02 25512]
"AvgUi"=C:\Program Files\AVG\Framework\Common\avguirnx.exe [2016-02-18 179624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
"I.R.I.S. Desktop Search"=C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe [2006-01-11 5193512]
"ChromeFrameHelper"=C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome Frame\Application\32.0.1700.107\chrome_frame_helper.exe [2014-02-02 83784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG2014\avgmfapx.exe"="C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\AVG\AVG2015\avgmfapx.exe"="C:\Program Files\AVG\AVG2015\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\Av\avgmfapx.exe"="C:\Program Files\AVG\Av\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"
"C:\Program Files\AVG\Av\avgnsx.exe"="C:\Program Files\AVG\Av\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\Av\avgdiagex.exe"="C:\Program Files\AVG\Av\avgdiagex.exe:*:Enabled:AVG Diagnostics"
"C:\Program Files\AVG\Av\avgemcx.exe"="C:\Program Files\AVG\Av\avgemcx.exe:*:Enabled:Personal Email Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2016-03-23 22:00:24 ----ASH---- C:\hiberfil.sys
2016-03-23 21:54:58 ----D---- C:\AdwCleaner
2016-03-23 19:32:40 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2016-03-23 19:32:01 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-03-23 19:32:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-03-23 19:32:01 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2016-03-23 19:32:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2016-03-23 17:12:29 ----D---- C:\Program Files\trend micro
2016-03-23 17:12:25 ----D---- C:\rsit
2016-03-16 13:26:00 ----A---- C:\_Locky_recover_instructions.txt

======List of files/folders modified in the last 1 month======

2016-03-24 18:21:13 ----D---- C:\WINDOWS\Temp
2016-03-24 00:37:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-03-24 00:33:32 ----D---- C:\WINDOWS\Prefetch
2016-03-24 00:33:15 ----SD---- C:\WINDOWS\Tasks
2016-03-24 00:33:14 ----D---- C:\Program Files\Common Files
2016-03-24 00:32:17 ----RD---- C:\Program Files
2016-03-23 21:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2016-03-23 19:32:40 ----D---- C:\WINDOWS\system32\drivers
2016-03-23 17:39:01 ----D---- C:\WINDOWS\system32\CatRoot2
2016-03-23 15:53:42 ----HD---- C:\WINDOWS\inf
2016-03-23 07:57:09 ----SHD---- C:\WINDOWS\Installer
2016-03-21 18:37:44 ----A---- C:\WINDOWS\wincmd.ini
2016-03-21 07:30:26 ----D---- C:\WINDOWS
2016-03-16 13:31:49 ----D---- C:\ac2a3a1d92a8bf7f22b9f9001d
2016-03-16 07:02:12 ----D---- C:\WINDOWS\system32\cache
2016-03-14 07:21:49 ----D---- C:\WINDOWS\system32
2016-03-14 07:21:43 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-10 03:16:25 ----D---- C:\WINDOWS\system32\MRT
2016-03-10 03:03:51 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2016-01-26 207792]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2016-02-03 297904]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2016-03-02 205744]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2015-12-04 37296]
R0 Avgunivx;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avgunivx.sys [2016-01-08 23472]
R1 Avgdiskx;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiskx.sys [2015-11-06 149936]
R1 AVGIDSDriverl;AVGIDSDriverl; C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys [2016-01-26 244656]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2015-11-20 31664]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgsvc;AVG Service; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [2016-02-18 865704]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\Av\avgwdsvcx.exe [2016-03-02 561104]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [2016-03-02 3934184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14 269504]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-15 147624]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004UA.job
C:\Program Files\McAfee Security Scan
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-

:services
McComponentHostService

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.

nový RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2016-03-24 20:10:56
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 255 MB (6% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2222, avg@toolbar:15.2.0.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ed74uhr0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-27 73728]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HPPQVideo"=C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [2007-05-07 106496]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-08-01 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2008-08-04 36864]
"AVG_UI"=C:\Program Files\AVG\Av\avuirunnerx.exe [2016-03-02 25512]
"AvgUi"=C:\Program Files\AVG\Framework\Common\avguirnx.exe [2016-02-18 179624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
"I.R.I.S. Desktop Search"=C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe [2006-01-11 5193512]
"ChromeFrameHelper"=C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome Frame\Application\32.0.1700.107\chrome_frame_helper.exe [2014-02-02 83784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG2014\avgmfapx.exe"="C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\AVG\AVG2015\avgmfapx.exe"="C:\Program Files\AVG\AVG2015\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\Av\avgmfapx.exe"="C:\Program Files\AVG\Av\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"
"C:\Program Files\AVG\Av\avgnsx.exe"="C:\Program Files\AVG\Av\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\Av\avgdiagex.exe"="C:\Program Files\AVG\Av\avgdiagex.exe:*:Enabled:AVG Diagnostics"
"C:\Program Files\AVG\Av\avgemcx.exe"="C:\Program Files\AVG\Av\avgemcx.exe:*:Enabled:Personal Email Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2016-03-24 20:03:03 ----D---- C:\_OTM
2016-03-23 22:00:24 ----ASH---- C:\hiberfil.sys
2016-03-23 21:54:58 ----D---- C:\AdwCleaner
2016-03-23 19:32:40 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2016-03-23 19:32:01 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-03-23 19:32:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-03-23 19:32:01 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2016-03-23 19:32:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2016-03-23 17:12:29 ----D---- C:\Program Files\trend micro
2016-03-23 17:12:25 ----D---- C:\rsit
2016-03-16 13:26:00 ----A---- C:\_Locky_recover_instructions.txt

======List of files/folders modified in the last 1 month======

2016-03-24 20:11:21 ----D---- C:\WINDOWS\Prefetch
2016-03-24 20:11:04 ----D---- C:\WINDOWS\Temp
2016-03-24 20:08:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-03-24 20:06:35 ----D---- C:\WINDOWS\system32
2016-03-24 20:06:35 ----D---- C:\WINDOWS
2016-03-24 20:03:11 ----RD---- C:\Program Files
2016-03-24 20:03:10 ----SD---- C:\WINDOWS\Tasks
2016-03-24 20:02:03 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2016-03-24 00:33:14 ----D---- C:\Program Files\Common Files
2016-03-23 19:32:40 ----D---- C:\WINDOWS\system32\drivers
2016-03-23 17:39:01 ----D---- C:\WINDOWS\system32\CatRoot2
2016-03-23 15:53:42 ----HD---- C:\WINDOWS\inf
2016-03-23 07:57:09 ----SHD---- C:\WINDOWS\Installer
2016-03-21 18:37:44 ----A---- C:\WINDOWS\wincmd.ini
2016-03-16 13:31:49 ----D---- C:\ac2a3a1d92a8bf7f22b9f9001d
2016-03-16 07:02:12 ----D---- C:\WINDOWS\system32\cache
2016-03-14 07:21:43 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-10 03:16:25 ----D---- C:\WINDOWS\system32\MRT
2016-03-10 03:03:51 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2016-01-26 207792]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2016-02-03 297904]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2016-03-02 205744]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2015-12-04 37296]
R0 Avgunivx;AVG Universal Driver; C:\WINDOWS\system32\DRIVERS\avgunivx.sys [2016-01-08 23472]
R1 Avgdiskx;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiskx.sys [2015-11-06 149936]
R1 AVGIDSDriverl;AVGIDSDriverl; C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys [2016-01-26 244656]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2015-11-20 31664]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgsvc;AVG Service; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [2016-02-18 865704]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\Av\avgwdsvcx.exe [2016-03-02 561104]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [2016-03-02 3934184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14 269504]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-15 147624]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

pre "zaujímavosť" log z OTM

All processes killed
========== FILES ==========
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004UA.job moved successfully.
C:\Program Files\McAfee Security Scan\3.8.150\sacoredata folder moved successfully.
C:\Program Files\McAfee Security Scan\3.8.150 folder moved successfully.
C:\Program Files\McAfee Security Scan folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
========== SERVICES/DRIVERS ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26733596 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38356 bytes

User: Peter
->Temp folder emptied: 1108011625 bytes
->Temporary Internet Files folder emptied: 168421516 bytes
->FireFox cache emptied: 199455480 bytes
->Google Chrome cache emptied: 28820091 bytes
->Flash cache emptied: 1551780 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1295643717 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 442064696 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 23221648 bytes

Total Files Cleaned = 3 143,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Peter
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 03242016_200303

Files moved on Reboot...

Registry entries deleted on Reboot...

Smazáno. Log je již OK.

Super a teraz mi prosím praďte ako mám odšifrovať názvy dokumentov a pootvárať ich

To je už složitější problém a nelze ho jednoduše řešit přes fórum. Je třeba přímý přístup do PC a toto nemáme právně ošetřeno. Zabývají se tím naši kolegové zde: https://neslape.cz/?utm_campaign=neslap ... ium=banner .

Tak sa potom obrátim na nich

každopádne veľmi pekne ďakujem za ochotu vyčistiť logy

Rádo se stalo!

VIRY.CZ

RSA-2048 a AES-128 všetky dokumenty zablokovane

RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane

Re: RSA-2048 a AES-128 všetky dokumenty zablokovane