
Request for a check

Bruce
Visitor
Posts: 93
Registered: 20 Aug 2006 16:59
Location: Zlín

Request for a check

#1 Post by Bruce »

Good evening,

I'd like to ask for a log check; a colleague is having some trouble with his computer, reportedly freezing and so on.

Unfortunately HijackThis could not be run on his PC, so we are attaching a log from FRST:




FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by Milan (administrator) on MILAN-PC on 05-02-2014 19:48:31
Running from C:\Users\Milan\Desktop
Microsoft Windows 7 Ultimate (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [36352 2007-10-10] ()
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [94208 2006-04-29] (Elaborate Bytes AG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-11-07] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296096 2012-07-22] (RealNetworks, Inc.)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3080264 2011-09-22] (ESET)
HKU\S-1-5-21-1928382850-24487426-3158694640-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4763008 2012-11-01] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1928382850-24487426-3158694640-1000\...\Run: [HydraVisionDesktopManager] - C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-16] (AMD)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {0938B271-5654-478B-BF05-AC6A474C8BF0} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {133EF90A-31FF-4003-AE97-9FB60FAD48E5} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {31B0E63B-E6A5-45A3-A53C-62D91F292A43} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {963AEC39-D5CD-49B5-8439-15DF4C79D764} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {9894743E-AA82-48AA-AF33-E41C27EAFE77} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {CE6CEA6C-C44D-42F0-A664-F7112017EE5B} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {E6D5992E-46E7-4B1E-BFE8-862C1C9675EB} URL = http://www.firmy.cz/phr/{searchTerms}?s ... arch_13415
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopcast.com/download/SOPCORE.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://77.95.196.129/activex/AMC.cab
DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} http://gate.muotrokovice.cz:8080/plugin ... ontrol.cab
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [974944 2011-09-22] (ESET)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1677136 2014-01-23] (LogMeIn Inc.)
S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-12-13] (LogMeIn, Inc.)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2013-11-23] ()

==================== Drivers (Whitelisted) ====================

S3 busenum; C:\Windows\System32\DRIVERS\SteelBus.sys [110464 2012-11-12] (SteelSeries Corporation)
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
S2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [8064 2006-04-22] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [4608 2005-04-12] (Elaborate Bytes AG)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2011-08-04] (ESET)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 OmniUsb; C:\Windows\System32\DRIVERS\OmniUsb.sys [28640 2005-09-22] (Ideazon)
R3 OmniUsbl; C:\Windows\System32\DRIVERS\OmniUsbl.sys [8160 2005-09-22] (Ideazon)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham.sys [34304 2012-10-15] (SteelSeries Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2011-07-18] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 19:48 - 2014-02-05 19:48 - 00008679 _____ () C:\Users\Milan\Desktop\FRST.txt
2014-02-05 19:47 - 2014-02-05 19:48 - 00000000 ____D () C:\FRST
2014-02-05 19:44 - 2014-02-05 19:44 - 01139200 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2014-02-05 19:23 - 2014-02-05 19:23 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher.exe
2014-02-05 18:53 - 2014-02-05 19:22 - 00000000 ____D () C:\Program Files\trend micro
2014-02-05 18:53 - 2014-02-05 18:55 - 00781909 _____ () C:\Users\Milan\Desktop\RSIT.exe
2014-02-05 18:53 - 2014-02-05 18:53 - 00000000 ____D () C:\rsit
2014-02-03 20:24 - 2014-02-03 20:24 - 00001038 _____ () C:\Users\Milan\Desktop\deadspace2.lnk
2014-02-02 14:18 - 2014-02-02 14:18 - 00000000 ____D () C:\Users\Milan\Documents\EA Games
2014-02-02 14:17 - 2014-02-02 14:17 - 00000000 ____D () C:\Users\Milan\AppData\Local\EA Games
2014-01-31 19:39 - 2014-01-31 19:39 - 00000000 ____D () C:\Users\Milan\AppData\Local\ESET
2014-01-31 17:18 - 2014-01-31 17:18 - 00000000 ____D () C:\ProgramData\ESET
2014-01-31 17:18 - 2014-01-31 17:18 - 00000000 ____D () C:\Program Files\ESET
2014-01-29 20:54 - 2014-01-29 20:54 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-01-29 20:54 - 2009-03-18 17:35 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-01-29 20:53 - 2014-02-05 19:05 - 00001288 _____ () C:\Windows\setupact.log
2014-01-29 20:53 - 2014-01-31 18:26 - 00000844 _____ () C:\Windows\PFRO.log
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-29 18:45 - 2014-01-29 18:45 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\eCyber
2014-01-29 18:26 - 2014-01-29 19:27 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\iSafe
2014-01-29 17:21 - 2014-01-29 18:24 - 00000000 ____D () C:\Users\Milan\AppData\Local\WebPlayer
2014-01-25 19:43 - 2014-01-25 23:25 - 557082754 _____ () C:\Users\Milan\Downloads\Kasimir-retro-pornofilm.avi
2014-01-25 19:38 - 2014-01-25 19:40 - 33307685 _____ () C:\Users\Milan\Downloads\1677085_retro_annette_haven.flv
2014-01-25 17:14 - 2014-01-25 17:17 - 57796387 _____ () C:\Users\Milan\Downloads\ebony-slut-gets-pussy-creampie-xfactorplus-com-pres-MultiLoad.cz.wmv
2014-01-25 16:58 - 2014-01-25 17:13 - 36501487 _____ () C:\Users\Milan\Downloads\-Woman-HD-18years-ebony-black-creampie-insemination-inseminated-oplodneni-oplodnena-teen-cum-inside-vaginal-creampied-vaginal-pregnant-sperm-young-por-xxx-sex.mp4
2014-01-24 17:46 - 2014-01-24 18:01 - 251962990 _____ () C:\Users\Milan\Downloads\Ebony-Babe-Fucks-In-Crotchless-Panties.avi
2014-01-22 09:55 - 2014-01-22 10:09 - 243736576 ____H () C:\Users\Milan\Downloads\Kirsty_Waay_&_Peter_North_-_Mickey_Ray's_Sex_Search_4_Long_and_Hard.avi
2014-01-22 09:30 - 2014-01-22 09:32 - 36509696 ____H () C:\Users\Milan\Downloads\hot-asian-girl-getting-fucked-porno-sex-xxx-erotika-přes-MultiLoad.cz.mpg
2014-01-22 09:22 - 2014-01-22 09:23 - 35421788 ____H () C:\Users\Milan\Downloads\Prison-Warden-Pimps-Out-A-Young-Asian-Inmate.flv
2014-01-20 21:42 - 2014-02-05 19:15 - 00000000 ____D () C:\Users\Milan\AppData\Local\LogMeIn Hamachi
2014-01-20 21:42 - 2014-01-20 21:42 - 00000000 ____D () C:\Users\Milan\AppData\Local\LogMeIn
2014-01-20 21:42 - 2014-01-20 21:42 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-01-20 21:39 - 2014-01-20 21:39 - 12292798 _____ () C:\Users\Milan\Downloads\hamachi-setup.exe
2014-01-19 00:51 - 2014-01-19 01:07 - 94568877 ____H () C:\Users\Milan\Downloads\WifeCrazy_den_mother_hi.wmv
2014-01-19 00:44 - 2014-01-19 00:51 - 30586058 ____H () C:\Users\Milan\Downloads\Sexy-Mom-Fucks-Young-Guy-mature-mature-porn-granny-old-cumshots-cumshot.flv
2014-01-19 00:13 - 2014-01-19 00:34 - 90297806 ____H () C:\Users\Milan\Downloads\Syn-znasilní-svou-mámu-CZ--incest--xxx-.avi

==================== One Month Modified Files and Folders =======

2014-02-05 19:48 - 2014-02-05 19:48 - 00008679 _____ () C:\Users\Milan\Desktop\FRST.txt
2014-02-05 19:48 - 2014-02-05 19:47 - 00000000 ____D () C:\FRST
2014-02-05 19:44 - 2014-02-05 19:44 - 01139200 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2014-02-05 19:23 - 2014-02-05 19:23 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher.exe
2014-02-05 19:22 - 2014-02-05 18:53 - 00000000 ____D () C:\Program Files\trend micro
2014-02-05 19:15 - 2014-01-20 21:42 - 00000000 ____D () C:\Users\Milan\AppData\Local\LogMeIn Hamachi
2014-02-05 19:06 - 2013-02-21 18:24 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 19:05 - 2014-01-29 20:53 - 00001288 _____ () C:\Windows\setupact.log
2014-02-05 19:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 18:55 - 2014-02-05 18:53 - 00781909 _____ () C:\Users\Milan\Desktop\RSIT.exe
2014-02-05 18:53 - 2014-02-05 18:53 - 00000000 ____D () C:\rsit
2014-02-04 23:34 - 2012-10-01 16:31 - 01580061 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 23:19 - 2012-08-11 14:12 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 23:01 - 2013-02-21 18:24 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 20:19 - 2012-04-17 15:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-04 20:19 - 2011-07-17 19:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 19:57 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 19:57 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 19:04 - 2012-12-22 19:23 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-02-04 19:04 - 2012-12-22 19:23 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-02-04 18:28 - 2011-07-29 15:58 - 00000000 ____D () C:\Users\Milan\AppData\Local\CrashDumps
2014-02-03 23:24 - 2011-07-18 17:17 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\vlc
2014-02-03 20:24 - 2014-02-03 20:24 - 00001038 _____ () C:\Users\Milan\Desktop\deadspace2.lnk
2014-02-02 14:44 - 2011-07-18 17:32 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\uTorrent
2014-02-02 14:18 - 2014-02-02 14:18 - 00000000 ____D () C:\Users\Milan\Documents\EA Games
2014-02-02 14:17 - 2014-02-02 14:17 - 00000000 ____D () C:\Users\Milan\AppData\Local\EA Games
2014-02-01 10:29 - 2011-08-14 10:25 - 00000000 ____D () C:\Users\Milan\AppData\Local\Adobe
2014-01-31 19:39 - 2014-01-31 19:39 - 00000000 ____D () C:\Users\Milan\AppData\Local\ESET
2014-01-31 18:26 - 2014-01-29 20:53 - 00000844 _____ () C:\Windows\PFRO.log
2014-01-31 17:18 - 2014-01-31 17:18 - 00000000 ____D () C:\ProgramData\ESET
2014-01-31 17:18 - 2014-01-31 17:18 - 00000000 ____D () C:\Program Files\ESET
2014-01-31 16:46 - 2011-07-18 17:19 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Winamp
2014-01-31 16:05 - 2011-07-17 12:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-31 16:05 - 2011-07-17 12:38 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-01-29 20:54 - 2014-01-29 20:54 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-29 19:27 - 2014-01-29 18:26 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\iSafe
2014-01-29 18:45 - 2014-01-29 18:45 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\eCyber
2014-01-29 18:27 - 2011-07-17 12:09 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-29 18:24 - 2014-01-29 17:21 - 00000000 ____D () C:\Users\Milan\AppData\Local\WebPlayer
2014-01-27 16:33 - 2009-07-14 05:53 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-25 23:25 - 2014-01-25 19:43 - 557082754 _____ () C:\Users\Milan\Downloads\Kasimir-retro-pornofilm.avi
2014-01-25 19:40 - 2014-01-25 19:38 - 33307685 _____ () C:\Users\Milan\Downloads\1677085_retro_annette_haven.flv
2014-01-25 17:17 - 2014-01-25 17:14 - 57796387 _____ () C:\Users\Milan\Downloads\ebony-slut-gets-pussy-creampie-xfactorplus-com-pres-MultiLoad.cz.wmv
2014-01-25 17:13 - 2014-01-25 16:58 - 36501487 _____ () C:\Users\Milan\Downloads\-Woman-HD-18years-ebony-black-creampie-insemination-inseminated-oplodneni-oplodnena-teen-cum-inside-vaginal-creampied-vaginal-pregnant-sperm-young-por-xxx-sex.mp4
2014-01-24 18:01 - 2014-01-24 17:46 - 251962990 _____ () C:\Users\Milan\Downloads\Ebony-Babe-Fucks-In-Crotchless-Panties.avi
2014-01-22 10:09 - 2014-01-22 09:55 - 243736576 ____H () C:\Users\Milan\Downloads\Kirsty_Waay_&_Peter_North_-_Mickey_Ray's_Sex_Search_4_Long_and_Hard.avi
2014-01-22 09:32 - 2014-01-22 09:30 - 36509696 ____H () C:\Users\Milan\Downloads\hot-asian-girl-getting-fucked-porno-sex-xxx-erotika-přes-MultiLoad.cz.mpg
2014-01-22 09:23 - 2014-01-22 09:22 - 35421788 ____H () C:\Users\Milan\Downloads\Prison-Warden-Pimps-Out-A-Young-Asian-Inmate.flv
2014-01-21 16:43 - 2009-07-14 05:33 - 00296704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 22:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-20 21:42 - 2014-01-20 21:42 - 00000000 ____D () C:\Users\Milan\AppData\Local\LogMeIn
2014-01-20 21:42 - 2014-01-20 21:42 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-01-20 21:39 - 2014-01-20 21:39 - 12292798 _____ () C:\Users\Milan\Downloads\hamachi-setup.exe
2014-01-20 20:44 - 2011-09-18 09:59 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-20 20:22 - 2011-07-17 12:16 - 00063480 _____ () C:\Users\Milan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-20 18:38 - 2011-08-01 17:50 - 00000000 ____D () C:\Users\Milan\Documents\My Games
2014-01-19 01:07 - 2014-01-19 00:51 - 94568877 ____H () C:\Users\Milan\Downloads\WifeCrazy_den_mother_hi.wmv
2014-01-19 00:51 - 2014-01-19 00:44 - 30586058 ____H () C:\Users\Milan\Downloads\Sexy-Mom-Fucks-Young-Guy-mature-mature-porn-granny-old-cumshots-cumshot.flv
2014-01-19 00:34 - 2014-01-19 00:13 - 90297806 ____H () C:\Users\Milan\Downloads\Syn-znasilní-svou-mámu-CZ--incest--xxx-.avi

Files to move or delete:
====================
C:\ProgramData\lsass.exe
C:\ProgramData\netdislw.pad


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 19:14




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:298.08 GB) (Free:175.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Místní disk) (Fixed) (Total:298.09 GB) (Free:22.28 GB) NTFS

Available physical RAM: 1575.54 MB
Total physical RAM: 2047.12 MB
Percentage of memory in use: 23%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0F320F31)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
Disk: 1 (Size: 298 GB) (Disk ID: 0088A1B0)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF

==================== Security Center ==================

AV: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Milan\Desktop" je 11 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================



Thank you, on my colleague's behalf as well. :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a check

#2 Post by vyosek »

Greetings :)

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, ideally to the Desktop, and extract it
  • Run it by clicking mbar
  • Now click Next and then Update in turn
  • Once the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • After the scan finishes (about 5 minutes), check that every finding (if there are any, of course) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here for me
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Re: Request for a check

#3 Post by Bruce »

So, the first one:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.05.09

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Milan :: MILAN-PC [administrator]

5.2.2014 21:30:47
mbar-log-2014-02-05 (21-30-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 201662
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)





Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.02.05.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Milan :: MILAN-PC [administrátor]

Ochrana: Povolena

5.2.2014 22:01:39
MBAM-log-2014-02-05 (22-44-17).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 292373
Uplynulý čas: 35 minut, 36 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 17
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Data: ;áĂzĘ;XAł0öm»Áµ -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Data: VShareTB -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Data: -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.Optional.VShareRedir) -> Data: -> Nebyla provedena žádná instrukce.
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Nebyla provedena žádná instrukce.
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Data: network_marimedia_1 -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.Optional.VShareRedir) -> Nebyla provedena žádná instrukce.
C:\Windows\Setup\SCRIPTS\Windows7Loader.exe (Trojan.Agent.W) -> Nebyla provedena žádná instrukce.
C:\Users\Milan\Downloads\veetle-0.9.18.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

Re: Request for a check

#4 Post by vyosek »

I'm sorry, but I can't continue any further - under the forum rules we do not deal with illegal systems...

I'll give at least one small piece of advice: delete the findings and then look up AdwCleaner.

Re: Request for a check

#5 Post by Bruce »

All right, thank you for the help.

My colleague has already reported some improvement :)

Re: Request for a check

#6 Post by vyosek »

You're welcome :worship:

And on the basis of the Rule on locking topics :lock:

Locked