Dobrý den,
prosím o kontrolu logu. Počítač je zpomalený, pravděpodobně s nedostatku paměti, ale pro kontrolu se chci ujistit, že v něm není vir.
Tady je log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Verca at 2013-12-15 10:53:30
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 255 GB (87%) free of 292 GB
Total RAM: 1012 MB (6% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:26 AM, on 12/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\taskmgr.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Verca\Downloads\RSIT (2).exe
C:\Program Files\trend micro\Verca.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120718013317.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GfxServiceInstall] C:\Windows\system32\GfxCUIServiceInstall.vbs
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Verca\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
--
End of file - 10500 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Acer Registration - Reminder Recall task.job
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1174890330-338545365-3989712098-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1174890330-338545365-3989712098-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120718013317.dll [2012-02-22 79744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2013-10-02 250896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D381FF29-7CFB-4D4E-B92A-C4EDDC696614}]
Windows 7 Starter Helper - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll [2009-12-09 137904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll [2012-10-24 194928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2013-10-02 250896]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2013-01-14 1278064]
"SuiteTray"=C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-09-20 341360]
"Norton Online Backup"=C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 966488]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-07-06 142144]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-07-06 175936]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-07-06 168256]
"GfxServiceInstall"=C:\Windows\system32\GfxCUIServiceInstall.vbs [2012-06-27 131]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2011-07-01 1103440]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2012-05-02 2193744]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-01-10 10959464]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2012-02-08 714120]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-07-25 20684656]
"Facebook Update"=C:\Users\Verca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-29 138096]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-06-27 224768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-12-15 10:37:33 ----D---- C:\Program Files\TeamViewer
======List of files/folders modified in the last 1 month======
2013-12-15 10:55:26 ----D---- C:\Program Files\trend micro
2013-12-15 10:54:29 ----D---- C:\Windows\Temp
2013-12-15 10:38:28 ----D---- C:\Windows\system32\Tasks
2013-12-15 10:38:12 ----RSD---- C:\Windows\Fonts
2013-12-15 10:38:03 ----D---- C:\Windows\Prefetch
2013-12-15 10:37:33 ----D---- C:\Program Files
2013-12-15 10:31:21 ----D---- C:\Users\Verca\AppData\Roaming\Skype
2013-12-15 10:28:00 ----D---- C:\Windows\Minidump
2013-12-15 10:27:57 ----D---- C:\Windows
2013-12-14 18:13:11 ----SHD---- C:\System Volume Information
2013-12-14 10:51:25 ----D---- C:\Windows\system32\config
2013-12-08 22:35:16 ----SHD---- C:\Windows\Installer
2013-11-24 13:31:26 ----D---- C:\Windows\System32
2013-11-24 13:31:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-24 13:31:24 ----D---- C:\Windows\inf
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-06 354840]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2012-12-26 565416]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2012-12-26 210168]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2012-07-18 21600]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2012-07-18 16936]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-07-18 62240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2012-01-20 2231808]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2012-12-26 60480]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2012-05-02 225616]
R3 igddim32;igddim32; C:\Windows\system32\DRIVERS\igddim32.sys [2012-06-27 1349120]
R3 igdkmd32;igdkmd32; C:\Windows\system32\DRIVERS\igdkmd32.sys [2012-06-27 435200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-01-10 3932584]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-06-09 278528]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2012-12-26 132976]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2012-12-26 234824]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2012-12-26 362640]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 254056]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [2012-04-20 146872]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2012-12-26 65488]
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2012-12-26 92192]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 BrowserProtect;BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-01-16 2550224]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 738688]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 IconMan_R;IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-12-26 203400]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-12-26 168880]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2012-12-26 171976]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 NOBU;Norton Online Backup; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2057560]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-02 5316448]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-19 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 253600]
S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-19 116648]
S3 McAWFwk;McAfee Activation Service; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-01-28 203080]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-11-16 279048]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 1713536]
S4 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
-----------------EOF-----------------
Děkuji
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivní kontrola
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Preventivní kontrola
Prosím o kontrolu logu,
děkuji.
děkuji.
Re: Preventivní kontrola
Zdravím, tím že si budeš sám sobě přidávat odpovědi to nijak neurychlíš, ba naopak.
Tohle fixni v HJT :
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Verca\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
HJT najdeš zde :
C:\Program Files\trend micro\Verca.exe
Fix znamená že spustíš HJT
jako admin
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :
Google Update Service (gupdate)
Google Update Service (gupdatem)
Live Updater Service
dvojklikem se otevře karta kde nejprve službu zastav tlačítkem Zastavit u položky Typ spouštění vyber Zakázáno a klik na OK.
V Plánovači úkolů zakaž :
Acer Registration
FacebookUpdate bude to tam několikrát
GoogleUpdate bude to tam několikrát
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu AdwCleaner,
ukonči všechny programy včetně prohlížeče a dvojklikem spusť,
objeví se okno kde vlevo nahoře klikni na Scan.
Po té proběhne sken a po jeho skončení klikni na Report a to co na Tebe vypadne mi sem zkopíruj.
Pak použij Mbam z mého podpisu a také mi sem z něj dej log, předem nic nemazat !
Tohle fixni v HJT :
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Verca\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
HJT najdeš zde :
C:\Program Files\trend micro\Verca.exe
Fix znamená že spustíš HJT
jako adminv okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :
Google Update Service (gupdate)
Google Update Service (gupdatem)
Live Updater Service
dvojklikem se otevře karta kde nejprve službu zastav tlačítkem Zastavit u položky Typ spouštění vyber Zakázáno a klik na OK.
V Plánovači úkolů zakaž :
Acer Registration
FacebookUpdate bude to tam několikrát
GoogleUpdate bude to tam několikrát
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu AdwCleaner,
ukonči všechny programy včetně prohlížeče a dvojklikem spusť,
objeví se okno kde vlevo nahoře klikni na Scan.
Po té proběhne sken a po jeho skončení klikni na Report a to co na Tebe vypadne mi sem zkopíruj.
Pak použij Mbam z mého podpisu a také mi sem z něj dej log, předem nic nemazat !
Re: Preventivní kontrola
Výsledek AdwCleaneru:
# AdwCleaner v3.017 - Report created 19/01/2014 at 23:05:58
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Verca - VERCA-PC
# Running from : C:\Users\Verca\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : BrowserProtect
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Verca\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Verca\AppData\Roaming\DSite
Folder Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
File Deleted : C:\Users\Verca\Desktop\Qtrax Player.lnk
File Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\DSite
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96E3E700-8DFE-4597-8987-144A724E3531}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E3E700-8DFE-4597-8987-144A724E3531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKCU\Software\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16446
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5851 octets] - [19/01/2014 23:03:47]
AdwCleaner[S0].txt - [5971 octets] - [19/01/2014 23:05:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6031 octets] ##########
Dal jsem omylem clear, a pak už jsem to nechal radši dokončit. Jinak zde je pouze report z MBAMu:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.19.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Verca :: VERCA-PC [administrator]
1/19/2014 8:05:59 PM
MBAM-log-2014-01-19 (23-02-46).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264776
Time elapsed: 1 hour(s), 52 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DSite (PUP.Optional.DigitalSites.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> No action taken.
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> No action taken.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BProtector) -> Bad: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) Good: () -> No action taken.
Folders Detected: 1
C:\Users\Verca\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
Files Detected: 6
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
C:\Program Files\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Program Files\Yontoo\OptChrome.exe (PUP.Optional.OptChrome.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
(end)
# AdwCleaner v3.017 - Report created 19/01/2014 at 23:05:58
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Verca - VERCA-PC
# Running from : C:\Users\Verca\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : BrowserProtect
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Verca\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Verca\AppData\Roaming\DSite
Folder Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
File Deleted : C:\Users\Verca\Desktop\Qtrax Player.lnk
File Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\DSite
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96E3E700-8DFE-4597-8987-144A724E3531}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E3E700-8DFE-4597-8987-144A724E3531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKCU\Software\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16446
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5851 octets] - [19/01/2014 23:03:47]
AdwCleaner[S0].txt - [5971 octets] - [19/01/2014 23:05:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6031 octets] ##########
Dal jsem omylem clear, a pak už jsem to nechal radši dokončit. Jinak zde je pouze report z MBAMu:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.19.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Verca :: VERCA-PC [administrator]
1/19/2014 8:05:59 PM
MBAM-log-2014-01-19 (23-02-46).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264776
Time elapsed: 1 hour(s), 52 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DSite (PUP.Optional.DigitalSites.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> No action taken.
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> No action taken.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BProtector) -> Bad: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) Good: () -> No action taken.
Folders Detected: 1
C:\Users\Verca\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
Files Detected: 6
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
C:\Program Files\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Program Files\Yontoo\OptChrome.exe (PUP.Optional.OptChrome.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
(end)
Re: Preventivní kontrola
Výsledek AdwCleaneru:
# AdwCleaner v3.017 - Report created 19/01/2014 at 23:05:58
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Verca - VERCA-PC
# Running from : C:\Users\Verca\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : BrowserProtect
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Verca\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Verca\AppData\Roaming\DSite
Folder Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
File Deleted : C:\Users\Verca\Desktop\Qtrax Player.lnk
File Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\DSite
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96E3E700-8DFE-4597-8987-144A724E3531}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E3E700-8DFE-4597-8987-144A724E3531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKCU\Software\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16446
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5851 octets] - [19/01/2014 23:03:47]
AdwCleaner[S0].txt - [5971 octets] - [19/01/2014 23:05:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6031 octets] ##########
Dal jsem omylem clear, a pak už jsem to nechal radši dokončit. Jinak zde je pouze report z MBAMu:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.19.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Verca :: VERCA-PC [administrator]
1/19/2014 8:05:59 PM
MBAM-log-2014-01-19 (23-02-46).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264776
Time elapsed: 1 hour(s), 52 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DSite (PUP.Optional.DigitalSites.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> No action taken.
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> No action taken.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BProtector) -> Bad: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) Good: () -> No action taken.
Folders Detected: 1
C:\Users\Verca\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
Files Detected: 6
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
C:\Program Files\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Program Files\Yontoo\OptChrome.exe (PUP.Optional.OptChrome.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
(end)
# AdwCleaner v3.017 - Report created 19/01/2014 at 23:05:58
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Verca - VERCA-PC
# Running from : C:\Users\Verca\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : BrowserProtect
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Verca\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Verca\AppData\Roaming\DSite
Folder Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\Users\Verca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
File Deleted : C:\Users\Verca\Desktop\Qtrax Player.lnk
File Deleted : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\DSite
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96E3E700-8DFE-4597-8987-144A724E3531}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E3E700-8DFE-4597-8987-144A724E3531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKCU\Software\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\d57dddee73be810
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16446
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5851 octets] - [19/01/2014 23:03:47]
AdwCleaner[S0].txt - [5971 octets] - [19/01/2014 23:05:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6031 octets] ##########
Dal jsem omylem clear, a pak už jsem to nechal radši dokončit. Jinak zde je pouze report z MBAMu:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.19.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Verca :: VERCA-PC [administrator]
1/19/2014 8:05:59 PM
MBAM-log-2014-01-19 (23-02-46).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264776
Time elapsed: 1 hour(s), 52 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DSite (PUP.Optional.DigitalSites.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> No action taken.
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> No action taken.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BProtector) -> Bad: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) Good: () -> No action taken.
Folders Detected: 1
C:\Users\Verca\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
Files Detected: 6
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> No action taken.
C:\Program Files\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Program Files\Yontoo\OptChrome.exe (PUP.Optional.OptChrome.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> No action taken.
C:\Users\Verca\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Verca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
(end)
Re: Preventivní kontrola
Máš štěstí, že se AdwCleaner nespletl.scorpion píše:Dal jsem omylem clear, a pak už jsem to nechal radši dokončit
To co našel Mbam nech smazat a pak mi sem dej zase log co z něj vypadne.
Přispějete na provoz fóra?