VIRY.CZ

Dobrý den, mám zřejmě problém s virem, využívá Facebook k přeposílání zavirovaného souboru v podobě odkazu na video lidem v mých kontaktech. Předem děkuji za radu a pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Milan (administrator) on MILAN-PC (09-04-2016 20:39:29)
Running from C:\Users\Milan\Desktop
Loaded Profiles: Milan (Available Profiles: Milan)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ManyCam LLC) C:\Program Files\ManyCam\Bin\ManyCam.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
(Google, Inc) C:\Users\Milan\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
() C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1097808 2011-04-19] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2217256 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [ManyCam] => C:\Program Files\ManyCam\Bin\ManyCam.exe [5402960 2013-02-12] (ManyCam LLC)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [Google Update] => C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-25] (Google Inc.)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\Run: [Google Photos Backup] => C:\Users\Milan\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {0d4e0eb8-7961-11e2-8b43-4c72b95d85d1} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {3df0653c-5b17-11e2-82cf-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {418a0b4b-4dfb-11e2-9be2-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {418a0b50-4dfb-11e2-9be2-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {418a0c5c-4dfb-11e2-9be2-4c72b95d85d1} - G:\PcOptions.exe
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\...\MountPoints2: {dc7a76c9-3297-11e2-9113-806e6f6e6963} - E:\DistinguishOS.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FastMediaConverter.lnk [2014-02-27]
ShortcutTarget: FastMediaConverter.lnk -> C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe ()
Startup: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Photosmart 5510 series.lnk [2016-03-16]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Photosmart 5510 series.lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-03-06]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.152.40.4 10.152.40.5
Tcpip\..\Interfaces\{5282BB45-29C1-469C-8978-5273D99AD7AE}: [DhcpNameServer] 10.152.40.4 10.152.40.5
Tcpip\..\Interfaces\{FAC77702-3463-4F27-B98C-9914066A9D50}: [DhcpNameServer] 62.129.50.20 85.135.32.100

Internet Explorer:
==================
HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ATUSP-SAT&o=AP ... psv=&pt=tb
URLSearchHook: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3458083E8E5F5AFE&affID=121564&tsp=4966
SearchScopes: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> {738EB5A9-C49E-40D4-8CAD-EE4BABFBDC53} URL = hxxp://www.search.ask.com/web?tpid=ATUSP-SAT&o ... psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> {A022376F-74C4-438E-84F4-7BE7C08461EF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
Toolbar: HKU\S-1-5-21-3417029144-3067851500-4194244906-1000 -> No Name - {4D594333-0076-A76A-76A7-7A786E7484D7} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3417029144-3067851500-4194244906-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3417029144-3067851500-4194244906-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Milan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Quick Start) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjjiajgjailphijjleedaankckhimge [2016-04-07]
CHR Extension: (Skype) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [aaaaaejaghnbcjilindpkgmcmdflpgjf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aaaaapdcjfaomkafnbpoclmfakjianjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Milan\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Milan\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [25728 2009-12-24] (Google Inc)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [100864 2010-01-14] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [108032 2010-02-04] (QUALCOMM Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 20:39 - 2016-04-09 20:39 - 00016357 _____ C:\Users\Milan\Desktop\FRST.txt
2016-04-09 20:38 - 2016-04-09 20:39 - 00000000 ____D C:\FRST
2016-04-09 20:32 - 2016-04-09 20:32 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 464919.crdownload
2016-04-09 20:31 - 2016-04-09 20:31 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 195900.crdownload
2016-04-09 20:29 - 2016-04-09 20:33 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher (1).exe
2016-04-09 20:29 - 2016-04-09 20:29 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 76729.crdownload
2016-04-09 20:19 - 2016-04-09 20:19 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Downloads\Nepotvrzeno 278035.crdownload
2016-04-09 20:17 - 2016-04-09 20:17 - 01725440 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2016-04-07 20:44 - 2016-04-07 20:44 - 00172451 _____ C:\Users\Milan\Downloads\pravidla_souteze.pdf
2016-04-04 13:27 - 2016-04-04 13:27 - 06226574 _____ C:\Users\Milan\Desktop\Letak.pdf
2016-03-25 14:32 - 2016-03-25 14:32 - 00000000 ____D C:\Users\Milan\Desktop\jesus
2016-03-25 10:59 - 2016-03-25 11:53 - 969331902 _____ C:\Users\Milan\Downloads\Dánská-dívka-2015-cz-tit-[natu3].avi
2016-03-25 10:27 - 2016-03-25 10:40 - 224659019 _____ C:\Users\Milan\Downloads\Jesus-Christ-Superstar-Soundtrack-1973.rar
2016-03-11 17:33 - 2016-03-11 17:37 - 00024064 _____ C:\Users\Milan\Desktop\Harmonogram - jaro 2016.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 20:36 - 2013-01-02 19:40 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Skype
2016-04-09 20:01 - 2013-12-18 13:17 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2016-04-09 19:57 - 2013-01-01 19:00 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-09 19:07 - 2014-02-27 22:28 - 00000000 ____D C:\Program Files\FastMediaConverter
2016-04-09 19:01 - 2009-07-14 06:34 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-09 19:01 - 2009-07-14 06:34 - 00031744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-09 09:09 - 2013-01-01 19:00 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-09 08:56 - 2015-12-25 12:15 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417029144-3067851500-4194244906-1000Core.job
2016-04-08 20:05 - 2013-01-23 14:36 - 00000000 ____D C:\Users\Milan\AppData\Roaming\vlc
2016-03-28 20:59 - 2013-01-01 19:00 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-16 18:37 - 2011-04-12 03:37 - 00669132 _____ C:\Windows\system32\perfh005.dat
2016-03-16 18:37 - 2011-04-12 03:37 - 00141760 _____ C:\Windows\system32\perfc005.dat
2016-03-16 18:37 - 2010-11-20 23:01 - 01584626 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 18:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-03-16 18:31 - 2014-01-24 16:55 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-16 18:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2012-12-27 23:28 - 2015-12-28 09:58 - 0014336 _____ () C:\Users\Milan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-04 22:17 - 2015-11-04 22:17 - 0000275 _____ () C:\Users\Milan\AppData\Local\HamsterAudioConverterSettings.cfg
2012-12-31 03:54 - 2012-12-31 03:54 - 0004096 ____H () C:\Users\Milan\AppData\Local\keyfile3.drm
2015-12-21 17:36 - 2015-12-21 17:36 - 0001503 _____ () C:\Users\Milan\AppData\Local\recently-used.xbel
2014-12-18 21:20 - 2014-12-18 21:20 - 0000000 _____ () C:\Users\Milan\AppData\Local\{C746EFD0-B104-421B-A158-BCB7E4400BC0}
2013-12-18 13:15 - 2013-12-18 13:15 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Milan\AppData\Local\Temp\APNSetup.exe
C:\Users\Milan\AppData\Local\Temp\atcMedia6811446672335.exe
C:\Users\Milan\AppData\Local\Temp\atcMedia7891446672021.exe
C:\Users\Milan\AppData\Local\Temp\CSDJavaInstaller.dll
C:\Users\Milan\AppData\Local\Temp\csvrelay32.dll
C:\Users\Milan\AppData\Local\Temp\csvrelay64.dll
C:\Users\Milan\AppData\Local\Temp\csvrjavaloader32.dll
C:\Users\Milan\AppData\Local\Temp\csvrjavaloader64.dll
C:\Users\Milan\AppData\Local\Temp\csvrxul32.dll
C:\Users\Milan\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Milan\AppData\Local\Temp\PIP2691_MYC_.exe
C:\Users\Milan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Milan\AppData\Local\Temp\tbBitT.dll
C:\Users\Milan\AppData\Local\Temp\tbedrs.dll
C:\Users\Milan\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Milan\AppData\Local\Temp\~83B5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417029144-3067851500-4194244906-1000Core.job => C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417029144-3067851500-4194244906-1000UA.job => C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Milan\Desktop" je 80685 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravím
Na začátek poprosím o log z Frstu
http://forum.viry.cz/viewtopic.php?f=13&t=133100

Log jsem vlozila do 1. prispevku. Dekuji za pomoc

Co je jednotka G?

Já tu přes den občas nakouknu, tak Vám tu hodím celý postup, ať to máte vyčištěné dočista

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

Obnovte prohlížeče, které používáte
https://www.pcrisk.cz/jak-odstranit-spy ... cu-vychozi

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Dekuji moc...
vubec nevim, co by mela byt jednotka G. tady je log z cleanu
# AdwCleaner v5.109 - Log soubor vytvořen 10/04/2016 o 09:18:58
# Aktualizováno 04/04/2016 by Xplode
# Databáze : 2016-04-09.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (x86)
# Jméno uživatele : Milan - MILAN-PC
# Spuštěno z : C:\Users\Milan\Desktop\AdwCleaner.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\Program Files\Conduit
[-] Složka smazáno : C:\Program Files\FastMediaConverter
[-] Složka smazáno : C:\Program Files\VNT
[-] Složka smazáno : C:\ProgramData\apn
[-] Složka smazáno : C:\ProgramData\Babylon
[#] Složka smazáno : C:\ProgramData\Application Data\apn
[#] Složka smazáno : C:\ProgramData\Application Data\Babylon
[-] Složka smazáno : C:\Users\Milan\AppData\Local\Conduit
[-] Složka smazáno : C:\Users\Milan\AppData\Local\NativeMessaging
[-] Složka smazáno : C:\Users\Milan\AppData\Local\TBHostSupport
[-] Složka smazáno : C:\Users\Milan\AppData\Local\VNT
[-] Složka smazáno : C:\Users\Milan\AppData\Local\WhiteListing
[-] Složka smazáno : C:\Users\Milan\AppData\Local\Temp\apn
[-] Složka smazáno : C:\Users\Milan\AppData\Local\Temp\APN-Stub
[-] Složka smazáno : C:\Users\Milan\AppData\LocalLow\BitTorrentControl_v12
[-] Složka smazáno : C:\Users\Milan\AppData\LocalLow\Conduit
[-] Složka smazáno : C:\Users\Milan\AppData\Roaming\Babylon
[-] Složka smazáno : C:\Users\Milan\AppData\Roaming\FastMediaConverter
[-] Složka smazáno : C:\Users\Milan\AppData\Roaming\OpenCandy
[-] Složka smazáno : C:\Users\Milan\Desktop\ppt

***** [ Soubory ] *****

[-] Soubor smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FastMediaConverter.lnk
[-] Soubor smazáno : C:\Windows\system32\roboot.exe

***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
[-] Klávesa smazáno : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
[-] Klávesa smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
[-] Klávesa smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaejaghnbcjilindpkgmcmdflpgjf
[-] Klávesa smazáno : HKCU\Software\Classes\pokki
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Prod.cap
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
[-] Hodnota smazáno : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
[-] Klávesa smazáno : HKCU\Software\Conduit
[-] Klávesa smazáno : HKCU\Software\Cr_Installer
[-] Klávesa smazáno : HKCU\Software\DownLite
[-] Klávesa smazáno : HKCU\Software\powerpack
[-] Klávesa smazáno : HKCU\Software\VNT
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\Crossrider
[-] Klávesa smazáno : HKLM\SOFTWARE\Conduit
[-] Klávesa smazáno : HKLM\SOFTWARE\hosts
[-] Klávesa smazáno : HKLM\SOFTWARE\PIP
[-] Klávesa smazáno : HKLM\SOFTWARE\Speedchecker Limited
[-] Klávesa smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\AskPartnerNetwork
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Obnoveno : HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{738EB5A9-C49E-40D4-8CAD-EE4BABFBDC53}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A022376F-74C4-438E-84F4-7BE7C08461EF}

***** [ Webové prohlížeče ] *****

[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : aaaaaejaghnbcjilindpkgmcmdflpgjf
[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : aaaaahaeginbdcckocjkhbciadcafnep
[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : aaaamlnbcjjkcgabjgbhdkjncianpaah
[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] smazáno : hxxp://www.search.ask.com/?p2=%5EAKH%5EYYYYYY% ... 03-26&psv=

*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5448 bytes] - [10/04/2016 09:18:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [7203 bytes] - [10/04/2016 09:16:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5594 bytes] ##########

a jeste vysledky ze zoek.Budu se tesit na rozlusteni problemu.


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Milan on ne 10.04.2016 at 9:34:03,77.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Milan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.4.2016 9:36:10 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Dialup For Android Handset deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\paint.net deleted successfully
C:\Users\Milan\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Milan\AppData\Roaming\Opera Software deleted successfully
C:\Users\Milan\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Milan\AppData\Local\EmieSiteList deleted successfully
C:\Users\Milan\AppData\Local\EmieUserList deleted successfully
C:\Users\Milan\AppData\Local\GHISLER deleted successfully
C:\Users\Milan\AppData\Local\Opera Software deleted successfully
C:\Users\Milan\AppData\Local\Skype deleted successfully
C:\Users\Milan\AppData\Local\TB deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3417029144-3067851500-4194244906-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4D594333-0076-A76A-76A7-7A786E7484D7} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Dialup For Android Handset not found
C:\Program Files\paint.net not found
C:\Users\Milan\AppData\Local\paint.net deleted
C:\Windows\system32\Tasks\HP Photo Creations Messager deleted
C:\Windows\tasks\HP Photo Creations Messager.job deleted
C:\Users\Milan\AppData\LocalLow\TB deleted
C:\Users\Public\Desktop\WinX YouTube Downloader.lnk deleted
"C:\Users\Milan\AppData\Local\{C746EFD0-B104-421B-A158-BCB7E4400BC0}" deleted

==== Orphaned Tasks deleted from Registry ======================

Software Removal Tool post reboot run deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaapdcjfaomkafnbpoclmfakjianjd - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08.01.2016 11:47]

Quick Start - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjjiajgjailphijjleedaankckhimge
Skype - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF596e221.TMP will be reset at reboot
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\Desktop\toshiba_muj_stary_milenec\\rathead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\Desktop\toshiba_muj_stary_milenec\\rathead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Milan\Desktop\toshiba_muj_stary_milenec\\rathead\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02ODC7LA will be deleted at reboot
C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6FHMQKB will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=260 folders=8 5271142 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Milan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Milan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF596e221.TMP" not found
"C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02ODC7LA" not found
"C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6FHMQKB" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ne 10.04.2016 at 9:51:17,46 ======================

Ještě si změňte heslo na FCB. pak se podívejte na nastavení - aplikace, pokud je tam nějaká, kterou neznáte, odstraňte ji.

A ještě udělejte mbam, nic nemažte, log vložte zde.
http://forum.viry.cz/viewtopic.php?f=29&t=144868


Nevím, zda byl vir pouze jako aplikace na FCB, nebo i zažraný v prohlížeči, ale kroky co jsme udělaly, by měli pomoci:)

Dobre odpoledne,
provedla jsem vse podle navodu, ale log mi to nenabidlo ulozit, takze po restartu ho asi nikde nemam no, jsem uplny amater. Omlouvam se. A hlavne-dekuji! Jak se mohu revanzovat?
Bylo tam jeste 6 detekovanych veci, ale v cem a kde, to se nepamatuji.

Když otevřete mbam, někde nahoře je záložka logy, nabídne to uložení, většinou v dokumentech.
jak to ted vypadá s FCB?

K těm fleškám, G a E,nebo to mohou být třeba CD nebo externí disk, nevzpomenete si?

Tak jsem nejakym pro mne zahadnym zpusobem udelala export dvou logu do .txt. Snad to je ono:) E: je CD, tak G by mel bylo byt nektere usb. Ale krome flash disku tak myslim nebylo nic pripojeno. Na Facebooku zatim nikdo z pratel nehlasi, ze mu neco nevhodneho posilam...


Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malware Protection, Starting,
Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malware Protection, Started,
Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 12:16, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Remediation Database, 2016.2.12.1, 2016.4.5.1,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.4.9.1,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Domain Database, 2016.2.16.8, 2016.4.10.2,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, IP Database, 2016.2.8.1, 2016.4.7.1,
Update, 10.4.2016 12:17, SYSTEM, MILAN-PC, Manual, Malware Database, 2016.2.16.6, 2016.4.10.1,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Refresh, Starting,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Refresh, Success,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 12:17, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,
Update, 10.4.2016 13:06, SYSTEM, MILAN-PC, Scheduler, Malware Database, 2016.4.10.1, 2016.4.10.2,
Protection, 10.4.2016 13:06, SYSTEM, MILAN-PC, Protection, Refresh, Starting,
Protection, 10.4.2016 13:06, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.4.2016 13:06, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.4.2016 13:07, SYSTEM, MILAN-PC, Protection, Refresh, Success,
Protection, 10.4.2016 13:07, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 13:07, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,
Scan, 10.4.2016 13:50, SYSTEM, MILAN-PC, Manual, Začátek: 10.4.2016 12:21, Doba trvání: 1 hod 28 min 22 s, Vlastní sken, Dokončeno, Detekce malwaru 0, Detekce jiných hrozeb 6,
Protection, 10.4.2016 13:51, SYSTEM, MILAN-PC, Protection, Malware Protection, Starting,
Protection, 10.4.2016 13:51, SYSTEM, MILAN-PC, Protection, Malware Protection, Started,
Protection, 10.4.2016 13:51, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.4.2016 13:52, SYSTEM, MILAN-PC, Protection, Malicious Website Protection, Started,

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 10.4.2016
Čas skenování: 12:21
Protokol: malware log 2.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.04.10.01
Databáze rootkitů: v2016.04.09.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Milan

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 464241
Uplynulý čas: 1 hod, 28 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BitTorrent, Do karantény, [48e17c31e9b0c67043883aeab94c738d],
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Do karantény, [3eeb723bd4c5211539a3f33f2ada07f9],
PUP.Optional.BitTorrentControl, HKU\S-1-5-21-3417029144-3067851500-4194244906-1000\SOFTWARE\APPDATALOW\SOFTWARE\BitTorrentControl_v12, Do karantény, [2ffa3974d9c065d1b73f937a3bc9f808],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
PUP.Optional.Babylon, C:\AdwCleaner\FileQuarantine\C\Users\Milan\AppData\Roaming\OpenCandy\0DBE7D06901143C99E608041294F7B52\DeltaTB.exe.vir, Do karantény, [d950edc01e7b2c0a2e6e75d4dd243bc5],
PUP.Optional.Conduit, C:\Program Files\BitTorrent\BitTorrent.exe, Do karantény, [48e17c31e9b0c67043883aeab94c738d],
PUP.Optional.CrossRider, C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0.localstorage-journal, Do karantény, [8d9cebc20b8ec1759009c2554cb88977],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

JJ, je to ono
Já bych to uzavřela, a kdyby se náhodou vir ukázal, napište

Moooc dekuji!

Není zač