
avast detected http://nes0049.ddns.net:83/is-ready

bigron
Visitor
Posts: 4
Registered: 24 Jun 2016 08:28


#1 Post by bigron »

avast detected http://ines0049.ddns.net:83/is-ready
Infection: URL:Mal
C:\windows\system32\wscript.exe

The blocked threat keeps popping up.

Thanks in advance.

FRST text:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by admin (administrator) on NOTEBOOK (24-06-2016 09:20:51)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803496 2011-06-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-11] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [3 2016-06-20] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3510066434-365780922-4255288675-1000\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
HKU\S-1-5-21-3510066434-365780922-4255288675-1000\...\MountPoints2: {c05c0eb7-1ded-11e6-aa66-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-20] (AVAST Software)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 88.81.64.1 88.81.92.1
Tcpip\..\Interfaces\{357B8FDD-3C44-4B1F-A190-1054F722C40E}: [DhcpNameServer] 88.81.64.1 88.81.92.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-20] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-20] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://google.cz/
CHR StartupUrls: Default -> "hxxp://hbogo.cz/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-20] (AVAST Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-20] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-16] (Sonix Tech. Co., Ltd.)
U3 DfSdkS; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-24 09:20 - 2016-06-24 09:21 - 00010675 _____ C:\Users\admin\Desktop\FRST.txt
2016-06-24 09:20 - 2016-06-24 09:20 - 00000000 ____D C:\FRST
2016-06-24 09:17 - 2016-06-24 09:17 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe
2016-06-24 09:14 - 2016-06-24 09:14 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Downloads\Unconfirmed 557478.crdownload
2016-06-24 09:11 - 2016-06-24 09:11 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Downloads\Unconfirmed 266365.crdownload
2016-06-24 09:09 - 2016-06-24 09:09 - 02387456 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2016-06-24 09:05 - 2016-06-24 09:07 - 00000000 ____D C:\ProgramData\Smarty Uninstaller 4
2016-06-24 09:05 - 2016-06-24 09:05 - 00000000 ____D C:\ProgramData\Isolated Storage
2016-06-24 08:57 - 2016-06-24 08:57 - 00000000 ____D C:\Users\admin\AppData\Roaming\KSafe
2016-06-24 08:57 - 2016-06-24 08:57 - 00000000 ____D C:\ProgramData\KSafe
2016-06-24 08:38 - 2016-06-24 08:38 - 00109680 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-24 08:32 - 2016-06-24 08:32 - 00000902 _____ C:\Users\Public\Desktop\One-Click-Optimizer (WO12).lnk
2016-06-24 08:32 - 2016-06-24 08:32 - 00000714 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 12.lnk
2016-06-24 08:32 - 2016-06-24 08:32 - 00000214 _____ C:\Users\Public\Desktop\My Software Deals.url
2016-06-24 08:32 - 2016-06-24 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-06-24 08:32 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
2016-06-24 08:31 - 2016-06-24 08:31 - 00000000 ____D C:\ProgramData\Ashampoo
2016-06-24 08:28 - 2016-06-24 08:28 - 00000000 ____D C:\Users\admin\Downloads\Ashampoo-WinOptimizer-12.00.45
2016-06-24 08:28 - 2016-06-24 08:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\WinRAR
2016-06-24 08:28 - 2016-06-24 08:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-24 08:28 - 2016-06-24 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-22 17:14 - 2016-06-22 17:23 - 00001409 _____ C:\Users\admin\.youtube-upload-credentials.json
2016-06-22 06:54 - 2016-06-22 06:56 - 00000000 ____D C:\Users\admin\Desktop\intranet
2016-06-22 06:41 - 2016-06-22 06:56 - 00000000 ____D C:\Users\admin\Desktop\Model Box
2016-06-21 18:38 - 2016-06-21 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-06-21 18:35 - 2016-06-21 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-06-21 18:35 - 2016-06-21 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-06-20 20:02 - 2016-06-20 20:02 - 00001143 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2016-06-20 20:02 - 2016-06-20 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-06-20 20:01 - 2016-06-20 20:01 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-06-20 19:57 - 2016-06-22 17:12 - 00009425 _____ C:\Users\admin\Documents\starburn.txt
2016-06-20 19:57 - 2016-06-20 19:57 - 00000000 ____D C:\ProgramData\Wondershare
2016-06-20 19:56 - 2016-06-20 19:56 - 00000000 ____D C:\Users\admin\AppData\Local\Wondershare
2016-06-20 19:55 - 2016-06-20 19:58 - 00000000 ____D C:\Users\admin\Documents\Wondershare Filmora
2016-06-20 19:55 - 2016-06-20 19:55 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2016-06-15 18:44 - 2016-06-15 18:46 - 00067584 ___SH C:\Users\admin\Downloads\Thumbs.db
2016-06-14 20:00 - 2016-06-14 20:01 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2016-06-14 20:00 - 2016-06-14 20:00 - 00000000 ____D C:\Users\admin\AppData\Local\Apple Computer
2016-06-14 19:59 - 2016-06-14 19:59 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-06-14 19:59 - 2016-06-14 19:59 - 00001440 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-14 19:59 - 2016-06-14 19:59 - 00000000 ____D C:\Users\admin\AppData\Local\Apple
2016-06-14 19:59 - 2016-06-14 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-14 19:59 - 2016-06-14 19:59 - 00000000 ____D C:\ProgramData\Apple Computer
2016-06-14 19:59 - 2016-06-14 19:59 - 00000000 ____D C:\Program Files\iPod
2016-06-14 19:59 - 2016-06-14 19:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-14 19:59 - 2016-06-14 19:59 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-06-14 19:58 - 2016-06-14 19:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-14 19:58 - 2016-06-14 19:58 - 00000000 ____D C:\Program Files\Bonjour
2016-06-14 19:58 - 2016-06-14 19:58 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-06-14 19:57 - 2016-06-14 19:59 - 00000000 ____D C:\ProgramData\Apple
2016-06-14 19:04 - 2016-06-14 18:57 - 36046527 ____N C:\Users\admin\Downloads\IMG_4370.MOV
2016-06-14 19:04 - 2016-06-14 18:39 - 47210936 ____N C:\Users\admin\Downloads\IMG_4369.MOV
2016-06-14 19:04 - 2016-06-14 17:39 - 63580214 ____N C:\Users\admin\Downloads\IMG_4367.MOV
2016-06-14 19:04 - 2016-06-14 17:39 - 34270298 ____N C:\Users\admin\Downloads\IMG_4368.MOV
2016-06-14 19:04 - 2016-06-14 17:38 - 49100629 ____N C:\Users\admin\Downloads\IMG_4366.MOV
2016-06-14 19:04 - 2016-06-14 17:36 - 33413091 ____N C:\Users\admin\Downloads\IMG_4365.MOV
2016-06-14 19:04 - 2016-06-14 17:35 - 38563544 ____N C:\Users\admin\Downloads\IMG_4363.MOV
2016-06-14 19:04 - 2016-06-14 17:35 - 06954629 ____N C:\Users\admin\Downloads\IMG_4364.MOV
2016-06-14 19:04 - 2016-06-14 17:28 - 55688097 ____N C:\Users\admin\Downloads\IMG_4362.MOV
2016-06-14 19:04 - 2016-06-14 17:24 - 74756875 ____N C:\Users\admin\Downloads\IMG_4361.MOV
2016-06-14 19:00 - 2016-06-14 19:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-06-13 19:23 - 2016-06-13 19:23 - 00000000 ____D C:\Users\admin\SkyDrive
2016-06-13 18:12 - 2016-06-13 18:12 - 00000000 ____D C:\$SysReset
2016-06-12 21:23 - 2016-06-23 11:06 - 00000000 ____D C:\Users\admin\Documents\Soubory aplikace Outlook
2016-06-12 17:43 - 2016-06-12 17:43 - 00000000 ____D C:\Users\admin\Documents\Složka Bluetooth Exchange
2016-06-11 14:59 - 2016-06-11 14:55 - 03534552 _____ C:\Users\admin\Desktop\WinRAR.v5.30 Final (x86x64) Incl Key [4realtorrentz].zip
2016-06-11 14:44 - 2016-06-11 14:44 - 00000778 _____ C:\Users\admin\Desktop\Smarty Uninstaller 4.lnk
2016-06-11 11:56 - 2016-06-13 19:23 - 00000000 ____D C:\Users\admin\Documents\Bluetooth
2016-06-11 11:22 - 2016-06-11 11:22 - 00002658 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-09 23:18 - 2016-06-09 23:18 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-06-09 21:17 - 2016-06-13 18:25 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-09 21:17 - 2016-06-09 22:46 - 00010449 _____ C:\Windows\diagerr.xml
2016-06-09 21:17 - 2016-06-09 22:46 - 00009528 _____ C:\Windows\diagwrn.xml
2016-06-09 21:14 - 2016-06-13 18:24 - 00000066 _____ C:\Windows\progress.ini
2016-06-09 20:52 - 2016-06-13 19:17 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-09 20:49 - 2016-06-09 22:49 - 00000000 ____D C:\Windows10Upgrade
2016-06-09 20:49 - 2016-06-09 22:48 - 00000000 ___HD C:\$GetCurrent
2016-06-09 20:49 - 2016-06-09 20:49 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2016-06-09 20:49 - 2016-06-09 20:49 - 00000682 _____ C:\Users\admin\Desktop\Pomocník při upgradu na Windows 10.lnk
2016-06-02 16:49 - 2016-06-02 16:49 - 00000000 ____D C:\ProgramData\GRETECH
2016-06-02 16:20 - 2016-06-02 16:20 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Adobe
2016-06-02 16:20 - 2016-06-02 16:20 - 00000000 ____D C:\Users\admin\AppData\Local\CEF
2016-06-02 16:18 - 2016-06-13 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-06-02 16:18 - 2016-06-02 16:18 - 00001209 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-06-02 16:18 - 2016-06-02 16:18 - 00001185 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-06-02 16:18 - 2016-06-02 16:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\GRETECH
2016-06-02 16:18 - 2016-06-02 16:18 - 00000000 ____D C:\Program Files (x86)\GRETECH

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-24 08:43 - 2016-05-20 08:22 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-24 08:41 - 2016-05-20 08:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-24 08:41 - 2016-05-20 08:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-24 08:35 - 2016-05-20 08:22 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-24 08:35 - 2016-05-20 08:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-24 08:35 - 2016-05-20 07:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2016-06-24 08:35 - 2016-05-19 21:15 - 00000000 ____D C:\Windows\Panther
2016-06-24 08:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-24 08:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-24 08:23 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-24 08:23 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-24 08:17 - 2016-05-20 13:44 - 00000318 _____ C:\Windows\Tasks\AutoKMS.job
2016-06-22 17:14 - 2016-05-19 20:27 - 00000000 ____D C:\Users\admin
2016-06-22 13:10 - 2009-07-14 17:18 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-06-22 13:10 - 2009-07-14 17:18 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-06-22 13:10 - 2009-07-14 07:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-21 21:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-21 18:38 - 2016-05-20 13:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-21 18:38 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-20 19:56 - 2009-07-14 06:57 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-20 18:21 - 2016-05-20 08:31 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-20 18:21 - 2016-05-20 08:31 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-13 20:35 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-13 19:17 - 2016-05-20 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-06-13 19:17 - 2016-05-20 08:27 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-06-13 19:17 - 2016-05-20 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-13 19:17 - 2016-05-20 08:17 - 00000000 ____D C:\Windows\SysWOW64\SDA
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\2C0A
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0C0A
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0C04
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0816
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0804
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0424
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\041F
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\041E
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\041D
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\041B
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0419
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0416
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0415
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0414
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0413
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0412
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0411
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0410
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\040E
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\040D
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\040C
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\040B
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\040A
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0408
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0407
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0406
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0405
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0404
2016-06-13 19:17 - 2016-05-20 08:04 - 00000000 ____D C:\Windows\system32\0401
2016-06-13 19:17 - 2016-05-19 22:02 - 00000000 ____D C:\Windows\system32\SPReview
2016-06-13 19:17 - 2016-05-19 22:02 - 00000000 ____D C:\Windows\system32\EventProviders
2016-06-13 19:17 - 2009-07-14 17:37 - 00000000 ____D C:\Windows\ShellNew
2016-06-13 19:17 - 2009-07-14 17:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-13 19:17 - 2009-07-14 17:18 - 00000000 ____D C:\Windows\system32\0409
2016-06-13 19:17 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2016-06-13 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-13 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-13 19:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-13 17:43 - 2016-05-20 13:44 - 00151552 _____ C:\Windows\KMSEmulator.exe
2016-06-13 17:38 - 2016-05-19 21:21 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-11 12:51 - 2016-05-19 20:27 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2016-06-09 22:45 - 2016-05-20 13:44 - 00003038 _____ C:\Windows\System32\Tasks\AutoKMS
2016-06-09 22:45 - 2016-05-20 08:30 - 00004058 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-09 22:45 - 2016-05-20 08:30 - 00003806 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-09 22:45 - 2016-05-20 08:29 - 00004000 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1463725754
2016-06-09 22:45 - 2016-05-20 08:27 - 00004292 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-09 22:45 - 2016-05-20 08:22 - 00003962 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-09 22:45 - 2016-05-20 08:11 - 00003416 _____ C:\Windows\System32\Tasks\{1EE643B7-0973-436A-B2EC-4C8B24C2394E}
2016-06-09 22:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2016-06-09 22:41 - 2016-05-20 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-06-09 21:27 - 2016-05-20 08:30 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2016-06-09 20:53 - 2016-05-20 08:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-09 20:51 - 2016-05-20 08:36 - 00000000 ____D C:\Program Files\VideoLAN
2016-06-02 16:20 - 2016-05-20 08:22 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2016-06-02 16:20 - 2016-05-20 08:20 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2016-06-01 18:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\ose00000.exe
C:\Users\admin\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-13 18:54

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:58.79 GB) (Free:22.16 GB) NTFS
Drive d: () (Fixed) (Total:406.87 GB) (Free:402.08 GB) NTFS
Drive e: (OFFICE14 SP1 CZ ALL x86) (CDROM) (Total:1.82 GB) (Free:0 GB) UDF

Available physical RAM: 2365.45 MB
Total physical RAM: 4030.37 MB
Percentage of memory in use: 41%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9CB9F250)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=406.9 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\admin\Desktop" je 10 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

JaRon
Moderator
Posts: 15214
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: avast zachytil http://nes0049.ddns.net:83/is-ready

#2 Příspěvek od JaRon »

hi,
Creating a fixlist for FRST
• Open Notepad (Start - Run - notepad)
• Copy the script >>

Code:

Start

Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
HKU\S-1-5-21-3510066434-365780922-4255288675-1000\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
HKLM-x32\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe



EmptyTemp:
Reboot:
End
• Save the created TXT as fixlist.txt
• Move the created fixlist next to FRST

:arrow: Run FRST.exe again
• Click Fix
• The fix will run and create the log Fixlog.txt

:arrow: Restart the PC and post fixlog.txt here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
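Separate from the moderator's fixlist above, here is an added triage example in Python (my code, not from the forum, from FRST or from its author). It parses a few constructed lines in the shape FRST prints for Startup-folder items, Run keys and scheduled tasks, and flags the persistence pattern seen in this thread: a script host started at logon with the hidden-window switch, loading a script from a user-writable path. The regular expressions and the two-reasons threshold are my own heuristics, not FRST's detection rules.

```python
"""Triage helper: flag script-host persistence in FRST-style log lines.

Added example, not part of the forum thread or of FRST itself. It takes a
few constructed lines in the shape FRST prints for Run keys, Startup-folder
items and scheduled tasks, and flags entries that launch a script host
(wscript/cscript/mshta/...) or a script file from a user-writable location.
"""
import re

# Constructed sample in FRST's output shape. The three suspicious lines mirror
# the entries the moderator put in the fixlist; the benign lines are made up.
SAMPLE_LOG = r"""
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
HKU\S-1-5-21-3510066434-365780922-4255288675-1000\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
HKLM-x32\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
HKLM\...\Run: [IgfxTray] => C:\Windows\System32\igfxtray.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
"""

# Heuristic patterns (assumptions of this example, not FRST rules).
SCRIPT_HOSTS = re.compile(r"\b(wscript|cscript|mshta|powershell|regsvr32|rundll32)(\.exe)?\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta|ps1)\b", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
HIDDEN_SWITCH = re.compile(r"\s//B\b", re.I)          # wscript/cscript batch mode: no window
RUN_RE = re.compile(r"\\\.\.\.\\Run(?:Once)?: \[[^\]]*\] => (.*)$")
TASK_RE = re.compile(r"^Task: (.*?) => (.*)$")


def parse_entry(line):
    """Split one FRST persistence line into (kind, target); None for other lines."""
    line = line.strip()
    if line.startswith("Startup: "):
        return "startup", line[len("Startup: "):]
    m = RUN_RE.search(line)
    if m:
        return "run", m.group(1)
    m = TASK_RE.match(line)
    if m:
        return "task", m.group(2)
    return None


def assess(line):
    """Score one line; flagged when at least two independent indicators apply."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    kind, target = parsed
    reasons = []
    if SCRIPT_HOSTS.search(target):
        reasons.append("script host launched at logon")
    if SCRIPT_EXT.search(target):
        reasons.append("script file as payload")
    if USER_WRITABLE.search(target):
        reasons.append("payload in user-writable path")
    if HIDDEN_SWITCH.search(target):
        reasons.append("hidden-window switch (//B)")
    return {"kind": kind, "line": line.strip(), "reasons": reasons,
            "flagged": len(reasons) >= 2}


def triage(log_text):
    """Return the flagged entries of an FRST-style log, in log order."""
    findings = []
    for line in log_text.splitlines():
        result = assess(line)
        if result and result["flagged"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['line']}\n    reasons: {', '.join(f['reasons'])}")
```

Note what the heuristic does and does not catch: the Startup-folder .vbs and both Run keys are flagged, the Intel tray and Google updater lines are not, and the AutoKMS task is not flagged either, because its executable sits under C:\Windows and it invokes no script host; an entry like that still needs a human look, which is why the moderator's fixlist, not a script, decides what gets removed.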

bigron
Visitor
Posts: 4
Registered: 24 Jun 2016 08:28

Re: avast detected http://nes0049.ddns.net:83/is-ready

#3 Post by bigron »

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by admin (2016-06-24 10:16:37) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2016-05-03] ()
HKU\S-1-5-21-3510066434-365780922-4255288675-1000\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
HKLM-x32\...\Run: [windows] => wscript.exe //B "C:\Users\admin\AppData\Local\Temp\windows.vbs" <===== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe



EmptyTemp:
Reboot:
End
*****************

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs => moved successfully
HKU\S-1-5-21-3510066434-365780922-4255288675-1000\Software\Microsoft\Windows\CurrentVersion\Run\\windows => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\windows => value removed successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12348922 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 19492032 B
Edge => 0 B
Chrome => 391597459 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58575877 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 66228 B
admin => 71412161 B

RecycleBin => 459269075 B
EmptyTemp: => 978 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:16:43 ====

JaRon
Moderator
Posts: 15214
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: avast detected http://nes0049.ddns.net:83/is-ready

#4 Post by JaRon »

after the reboot, clean the registry with CCleaner and write whether there are still any problems :???:

bigron
Visitor
Posts: 4
Registered: 24 Jun 2016 08:28

Re: avast detected http://nes0049.ddns.net:83/is-ready

#5 Post by bigron »

Hi, thanks for the help, but even after following all the instructions Avast still reports the same thing.

JaRon
Moderator
Posts: 15214
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: avast detected http://nes0049.ddns.net:83/is-ready

#6 Post by JaRon »

clean the PC with mbam

bigron
Visitor
Posts: 4
Registered: 24 Jun 2016 08:28

Re: avast detected http://nes0049.ddns.net:83/is-ready

#7 Post by bigron »

Thanks for the help. Anti-Malware cleaned it. I'll send something via PayPal.

JaRon
Moderator
Posts: 15214
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: avast detected http://nes0049.ddns.net:83/is-ready

#8 Post by JaRon »

you're welcome - thank you :)

Locked