poprosil bych o kontrolu logu, vyskakují ruské stránky, samy od sebe a ntb se i po vyčištění a přepastování přehřívá ale to bych na viry asi neshazoval ale jistý si nejsem, no uvidíme
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Mirka (administrator) on PAVILION (05-08-2017 21:28:25)
Running from C:\Users\Mirka\Desktop
Loaded Profiles: Mirka (Available Profiles: Mirka)
Platform: Microsoft Windows 8.1 Pro (Update) (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\AEstSrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(FinalWire Ltd.) C:\Users\Mirka\Desktop\Aida64 Extreme\aida64.exe
(Ghisler Software GmbH) C:\Utility\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\Mirka\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe
HKU\S-1-5-21-3092850105-3264190426-919869547-1001\...\MountPoints2: {54065daa-e68f-11e3-971b-002186bde8c4} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3092850105-3264190426-919869547-1001\...\MountPoints2: {54065e56-e68f-11e3-971b-002186bde8c4} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3092850105-3264190426-919869547-1001\...\MountPoints2: {54066193-e68f-11e3-971b-002186bde8c4} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3092850105-3264190426-919869547-1001\...\MountPoints2: {540661ff-e68f-11e3-971b-002186bde8c4} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3092850105-3264190426-919869547-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2014-10-29] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6BEB58D3-F5F6-4E9F-9D95-23955B037B15}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BBEBAF7A-F1DA-48E8-9B19-97A992EAB950}: [DhcpNameServer] 192.168.159.1 46.149.113.2
Internet Explorer:
==================
HKU\S-1-5-21-3092850105-3264190426-919869547-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Mirka\AppData\Roaming\Mozilla\Firefox\Profiles\6sv4c8yl.default [2017-08-05]
FF Homepage: Mozilla\Firefox\Profiles\6sv4c8yl.default -> hxxp://www.seznam.cz/
FF Extension: (Adblock Plus) - C:\Users\Mirka\AppData\Roaming\Mozilla\Firefox\Profiles\6sv4c8yl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll [2014-05-30] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default [2017-08-05]
CHR Extension: (Dokumenty Google) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-10]
CHR Extension: (Disk Google) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-14]
CHR Extension: (YouTube) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Colors of Play) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hachknfcgphlhjlhnnepieckaakkkclj [2017-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\Mirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-20]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2069936 2017-06-13] (ESET)
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1432824 2015-09-14] (O&O Software GmbH)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AIDA64Driver; C:\Users\Mirka\AppData\Local\Temp\AIDA64Driver.sys [35344 2017-04-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113512 2017-06-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [90656 2017-05-04] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14368 2017-05-04] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [139384 2017-05-04] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43920 2017-05-04] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [69304 2017-05-04] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [86504 2017-05-04] (ESET)
S3 hwusbfake; C:\Windows\system32\DRIVERS\ewusbfake.sys [100736 2009-07-23] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-05] (Malwarebytes)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-05 21:28 - 2017-08-05 21:28 - 000010346 _____ C:\Users\Mirka\Desktop\FRST.txt
2017-08-05 21:28 - 2017-08-05 21:20 - 000112640 _____ (forum.viry.cz) C:\Users\Mirka\Desktop\FRSTLauncher.exe
2017-08-05 21:22 - 2017-08-05 21:28 - 000000000 ____D C:\FRST
2017-08-05 21:20 - 2017-08-05 21:19 - 001777664 _____ (Farbar) C:\Users\Mirka\Desktop\FRST.exe
2017-08-05 21:15 - 2017-08-05 21:16 - 000002578 _____ C:\Windows\ntbtlog.txt
2017-08-05 15:58 - 2017-08-05 15:58 - 000000000 ____D C:\Users\Mirka\AppData\Local\ESET
2017-08-05 15:51 - 2017-08-05 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-08-05 15:51 - 2017-08-05 15:51 - 000000000 ____D C:\ProgramData\ESET
2017-08-05 15:51 - 2017-08-05 15:51 - 000000000 ____D C:\Program Files\ESET
2017-07-16 16:33 - 2017-08-05 21:10 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-16 16:33 - 2017-08-01 17:25 - 000074656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-16 16:33 - 2017-07-29 13:08 - 000085400 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-16 16:33 - 2017-07-29 13:08 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-16 16:33 - 2017-07-16 16:33 - 000162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-16 16:33 - 2017-07-16 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-16 16:33 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-16 16:32 - 2017-07-16 16:32 - 000000000 ____D C:\Program Files\Malwarebytes
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-05 21:21 - 2017-07-03 18:57 - 000000000 ____D C:\Users\Mirka\Desktop\CrystalDiskInfo7_0_5
2017-08-05 21:18 - 2013-08-22 09:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-05 21:15 - 2013-08-22 08:21 - 000000000 ____D C:\Windows\inf
2017-08-05 21:08 - 2014-05-28 16:55 - 000000000 ____D C:\Users\Mirka
2017-08-05 15:54 - 2013-08-22 10:17 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-08-05 15:47 - 2013-08-22 08:13 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-08-04 15:56 - 2016-11-14 17:38 - 000000338 _____ C:\Windows\Tasks\HPCeeScheduleForMirka.job
2017-07-29 13:22 - 2013-08-22 10:17 - 000000000 ____D C:\Windows\LiveKernelReports
2017-07-20 16:57 - 2013-08-22 10:17 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-20 16:57 - 2013-08-22 10:17 - 000000000 ____D C:\Windows\AppReadiness
2017-07-16 17:29 - 2014-05-28 17:02 - 001745984 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-16 17:29 - 2013-09-30 05:48 - 000739924 _____ C:\Windows\system32\perfh005.dat
2017-07-16 17:29 - 2013-09-30 05:48 - 000151610 _____ C:\Windows\system32\perfc005.dat
2017-07-16 16:32 - 2016-11-06 11:34 - 000000000 ____D C:\ProgramData\Malwarebytes
==================== Files in the root of some directories =======
2016-07-19 07:41 - 2016-07-19 07:41 - 000000000 _____ () C:\Users\Mirka\AppData\Local\{E0D27E5F-1D05-4B04-8751-A3A11C785607}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-29 13:30
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:297.75 GB) (Free:239.84 GB) NTFS
Drive e: (ESYSRESCUE) (Removable) (Total:1.08 GB) (Free:0.31 GB) FAT32
Available physical RAM: 1246.53 MB
Total physical RAM: 2045.83 MB
Percentage of memory in use: 39%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DFB05FD3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForMirka.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Mirka\Desktop" je 7284 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Přispějete na provoz fóra?