Bitcoin viruses and more

Stephano (Visitor, 10 posts, registered 23 Jun 2014 12:56)

Bitcoin viruses and more

#1 Post by Stephano »

Hello. Yesterday I found out that I have viruses on my PC. I have no problems with freezing, crashing, or elevated physical memory or CPU usage.
I immediately started dealing with the situation.

First I had the PC checked by the free version of Avast, which blocked 12 viruses; some of them I deleted after quarantine. However, six files turned up that were located in C/Users/Steve Wonder/ Apps/Data/Roaming/OpenCandy. Avast said it had removed these items, but nothing appeared in quarantine and the "apply" button was greyed out. They were nsis.hdr, (2) Deamon Process.exe (1), Mobogenie exe (2), Mogobenie.exe, update and mgAssist.exe. I deleted the rest of the OpenCandy folder by hand.

I did not pursue it further. But when I ran the scan again, the same result appeared. Interestingly, when I repeated the scan several times, Avast reported nothing. It usually does it when I switch the PC on.

So then I used Spyware Terminator and Malwarebytes, which did find a few minor things, but not the files Avast had reported. I therefore assumed it was a false alarm from Avast and that the PC was, as far as possible, clean. After that, Spyware Terminator and Malwarebytes found nothing more (note: with all the programs I ran full scans as well as individual folders, mainly inf and drive C). Once I tried a restore point. Then I read that it would be a good idea to delete the restore point. So I deleted it, and now there are no restore points on the PC. But I turned the protection back on.

After a discussion with one of the administrators of this forum I looked for more information, e.g. how to remove Deamon Process via msconfig under Startup, but the file in question was not listed there. Again I was somewhat unsure whether Avast was needlessly reporting things that had already been deleted.

Finally I tried SpyHunter. It found mainly toolbars, but also the Mobogenie registry entries mentioned above. I do not have the paid version, so I cannot fix the results. I am not very experienced at producing logs; I wanted to send screenshots of what Avast and SpyHunter found. But the attachment is too large, so I would send the images by e-mail.

I think it would be best to delete the registry entries (at least manually, thanks to SpyHunter, which shows me their location) so that they do not come back. I do not much like leaving this vermin there for long. I am worried that the PC's performance will degrade, or that it could lead to e.g. hacking, because I work from home. But as I wrote at the start, the PC apparently runs without the slightest defect. A reinstall with a fresh format and cleaning of the disks would be the best solution so that as little as possible remains, although I know even that is not 100%.

Thank you in advance to everyone willing to help me. I apologise for any mistakes, I am already a bit tired, having read tons of opinions, guides and videos :)
Last edited by Stephano on 24 Jun 2014 13:11, edited 6 times in total.

vyosek (VIP, 56373 posts, registered 07 Nov 2006 15:24, location: Šalingrad - Brno)

Re: Bitcoin viruses and more

#2 Post by vyosek »

Hi :)

→ Uninstall SpyHunter and SpywareTerminator

→ Try posting an FRST log http://forum.viry.cz/viewtopic.php?f=13&t=133100 and we will take a look
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Stephano (Visitor, 10 posts, registered 23 Jun 2014 12:56)

Re: Bitcoin viruses and more

#3 Post by Stephano »

I have the Scan Tool on my desktop, but with the launcher I get the message "connection interrupted".

vyosek (VIP, 56373 posts, registered 07 Nov 2006 15:24, location: Šalingrad - Brno)

Re: Bitcoin viruses and more

#4 Post by vyosek »

Then just run FRST on its own.

Stephano (Visitor, 10 posts, registered 23 Jun 2014 12:56)

Re: Bitcoin viruses and more

#5 Post by Stephano »

Done, I scanned everything except List BCD, Drivers MD5, shortcut txt and addition txt. Awaiting further instructions. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Steve Wonder (administrator) on STEPHANO on 23-06-2014 21:32:25
Running from C:\Users\Steve Wonder\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) D:\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) D:\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => D:\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-29] (AVAST Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 287514&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 287514&ir=
SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd= ... rms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 287514&ir=
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60747
SearchScopes: HKCU - {2F4EF942-1B10-410D-A874-9F166C0057C4} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12454
SearchScopes: HKCU - {3B61FB7B-44C8-43E2-8780-C3DDA67BCD6B} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {49404975-8451-409F-BBEF-96BBF48FEF65} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
SearchScopes: HKCU - {53071B66-D0CA-4DBC-AA0B-65AB652EE6E8} URL = http://search.seznam.cz/?q={searchTerms ... arch_12454
SearchScopes: HKCU - {5C9464DB-1570-43B4-AD3C-5FCC41E39FD6} URL = http://www.firmy.cz/phr/{searchTerms}?s ... arch_12454
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {7DCA2735-22C1-4DAB-9C90-62AE2765815F} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12454
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {CF1307E2-6C11-4D86-B024-868439982F64} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Steve Wonder\AppData\Roaming\Mozilla\Firefox\Profiles\uvlmo93m.default
FF SelectedSearchEngine: http://www.trovigo.com/Results.aspx?gd= ... rms}&SSPV=
FF Homepage: www.google.cz/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Ubisoft\npuplaypc.dll No File
FF Extension: New Tab Homepage - C:\Users\Steve Wonder\AppData\Roaming\Mozilla\Firefox\Profiles\uvlmo93m.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-03-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-21]
FF StartMenuInternet: FIREFOX.EXE - d:\mozilla firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-29] (AVAST Software)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [120136 2012-11-20] (Intel Corporation)
S3 Microsoft Office Groove Audit Service; D:\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-07-19] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2013-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2013-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2013-12-29] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2013-12-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-20] (GFI Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-02-21] () [File not signed]
U3 ax065zeu; C:\Windows\system32\Drivers\ax065zeu.sys [0 ] (Microsoft Corporation)
S3 AmdLLD; system32\DRIVERS\AmdLLD.sys [X]
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 21:32 - 2014-06-23 21:32 - 00010861 _____ () C:\Users\Steve Wonder\Desktop\FRST.txt
2014-06-23 21:29 - 2014-06-23 21:32 - 00000000 ____D () C:\FRST
2014-06-23 21:24 - 2014-06-23 21:24 - 01073152 _____ (Farbar) C:\Users\Steve Wonder\Desktop\FRST.exe
2014-06-23 19:36 - 2014-06-23 21:20 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-06-23 19:36 - 2014-06-23 19:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-23 12:07 - 2014-06-23 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 11:41 - 2014-06-23 11:41 - 00007597 _____ () C:\Users\Steve Wonder\AppData\Local\Resmon.ResmonCfg
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\eCyber
2014-06-22 21:01 - 2014-06-22 21:21 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\iSafe
2014-06-21 23:32 - 2014-06-21 23:32 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Uber Entertainment
2014-06-21 22:04 - 2014-06-18 22:42 - 00000618 _____ () C:\Users\Steve Wonder\Desktop\Prison Architect.lnk
2014-06-21 21:58 - 2014-06-21 21:58 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Introversion
2014-06-15 19:28 - 2014-06-15 19:28 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Adobe
2014-06-11 10:43 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 10:43 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 10:43 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:43 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:43 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:43 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:43 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 10:26 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 10:26 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 10:26 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 10:26 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 10:26 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 10:26 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 10:26 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 10:26 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 10:26 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 10:26 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 10:26 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 10:26 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 10:26 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 10:26 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 10:26 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 10:24 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 10:24 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-06-23 21:32 - 2014-06-23 21:32 - 00010861 _____ () C:\Users\Steve Wonder\Desktop\FRST.txt
2014-06-23 21:32 - 2014-06-23 21:29 - 00000000 ____D () C:\FRST
2014-06-23 21:24 - 2014-06-23 21:24 - 01073152 _____ (Farbar) C:\Users\Steve Wonder\Desktop\FRST.exe
2014-06-23 21:20 - 2014-06-23 19:36 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-06-23 21:08 - 2013-02-21 16:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 20:28 - 2013-02-21 16:00 - 01467399 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 19:36 - 2014-06-23 19:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-23 19:36 - 2013-02-21 16:38 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-23 18:26 - 2009-07-14 06:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 18:26 - 2009-07-14 06:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 18:23 - 2010-11-20 23:01 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 18:18 - 2013-05-20 22:56 - 00058251 _____ () C:\Windows\setupact.log
2014-06-23 18:18 - 2013-02-21 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 18:18 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 12:07 - 2014-06-23 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 11:41 - 2014-06-23 11:41 - 00007597 _____ () C:\Users\Steve Wonder\AppData\Local\Resmon.ResmonCfg
2014-06-23 10:47 - 2010-11-20 23:48 - 00369082 _____ () C:\Windows\PFRO.log
2014-06-23 00:42 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-06-22 22:11 - 2013-05-21 21:46 - 00000065 _____ () C:\Windows\wininit.ini
2014-06-22 21:21 - 2014-06-22 21:01 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\iSafe
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\eCyber
2014-06-22 20:26 - 2013-02-21 17:40 - 00002051 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-22 20:25 - 2013-02-21 16:23 - 00000000 ____D () C:\Users\Steve Wonder
2014-06-22 20:24 - 2014-05-18 19:32 - 00000000 ____D () C:\Program Files\EACom
2014-06-22 20:24 - 2013-02-23 00:19 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-22 20:24 - 2011-04-12 03:46 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-22 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-06-22 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-21 23:32 - 2014-06-21 23:32 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Uber Entertainment
2014-06-21 21:58 - 2014-06-21 21:58 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Introversion
2014-06-18 22:42 - 2014-06-21 22:04 - 00000618 _____ () C:\Users\Steve Wonder\Desktop\Prison Architect.lnk
2014-06-18 15:44 - 2013-02-24 04:36 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\vlc
2014-06-18 13:29 - 2013-02-24 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-06-18 13:29 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 09:03 - 2009-07-14 06:53 - 00032524 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-17 09:03 - 2009-07-14 06:53 - 00032524 _____ () C:\Windows\Tasks\SCHEDLGU(19).TXT
2014-06-15 19:28 - 2014-06-15 19:28 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Adobe
2014-06-12 16:31 - 2013-11-06 02:55 - 00000496 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-12 16:31 - 2013-11-06 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-12 16:19 - 2013-02-21 16:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 16:19 - 2013-02-21 16:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-11 10:48 - 2014-05-04 00:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 10:37 - 2013-07-13 03:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 10:37 - 2013-02-21 17:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 10:35 - 2013-02-21 22:38 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 10:48 - 2014-06-11 10:43 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 22:07 - 2014-04-21 13:51 - 00000693 _____ () C:\Users\Public\Desktop\FTL.lnk
2014-06-05 21:57 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-29 22:02 - 2013-02-22 00:07 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-28 18:48 - 2014-06-11 10:26 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-11 10:26 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-11 10:26 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-11 10:26 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-11 10:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-11 10:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-11 10:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-11 10:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 10:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 10:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 10:26 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 10:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-11 10:26 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 10:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 11:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

Some content of TEMP:
====================
C:\Users\Steve Wonder\AppData\Local\Temp\SHSetup.exe
C:\Users\Steve Wonder\AppData\Local\Temp\_is7FF8.exe
C:\Users\Steve Wonder\AppData\Local\Temp\_isF630.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 12:59

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Steve Wonder at 2014-06-23 21:32:50
Running from C:\Users\Steve Wonder\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2011 - Avast Software)
Batman: Arkham City™ (Version: 1.0.0003.131 - WB Games) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.1.0.0283 - DT Soft Ltd) <==== ATTENTION
DarthMod Rome (Alexander Addon) (HKLM\...\DarthMod Rome (Alexander Addon)) (Version: - )
DarthMod Rome (HKLM\...\DarthMod Rome) (Version: - )
Electronic Arts Game Updater (HKLM\...\Electronic Arts Game Updater) (Version: - )
Europa Universalis IV (HKLM\...\Steam App 236850) (Version: - Paradox Development Studio)
Fallout2 (HKLM\...\Fallout2) (Version: - )
Football Manager 2014 (HKLM\...\Steam App 231670) (Version: - Sports Interactive)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FTL - Advanced Edition (HKLM\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Intel(R) Network Connections 18.0.1.0 (HKLM\...\PROSetDX) (Version: 18.0.1.0 - Intel)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0 - Microsoft Game Studios) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 cs) (HKLM\...\Mozilla Firefox 27.0 (x86 cs)) (Version: 27.0 - Mozilla)
Mozilla Firefox 30.0 (x86 cs) (HKCU\...\Mozilla Firefox 30.0 (x86 cs)) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Ovladač 3D Vision 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Rome - Total War Anthology (HKLM\...\InstallShield_{29BA43D8-07F9-4D78-A682-91BAAA98A302}) (Version: 1.00.0000 - CD Projekt)
Rome - Total War Anthology (Version: 1.00.0000 - CD Projekt) Hidden
Seznam Software (HKCU\...\SeznamInstall) (Version: - Seznam.cz)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{A030537D-0034-46AD-A730-B1119786F607}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
Vietcong & Vietcong: Fist Alpha (HKLM\...\{DCF5C463-BD5C-4982-91F9-2C3F8F9E9C88}) (Version: 1.06 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points =========================

23-06-2014 17:36:12 Installed SpyHunter
23-06-2014 19:19:26 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {CF948B4F-2C0D-4B9F-B811-83E8891C3979} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-29] (AVAST Software)
Task: {D1EDF7C0-FCAB-4105-9E2C-6EE1C332DA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-23 19:37 - 2014-06-23 18:38 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062301\algo.dll
2013-02-21 17:31 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-07-19 13:21 - 2013-07-19 13:25 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-12-29 02:31 - 2013-12-29 02:31 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-11 00:52 - 2014-06-11 00:52 - 03852912 _____ () D:\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Myš Microsoft pro port PS/2
Description: Myš Microsoft pro port PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 07:36:40 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Během obnovení systému došlo k nespecifikované chybě: (Windows Update). Další informace: 0xc0000022.

Error: (06/23/2014 06:23:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error: (06/23/2014 06:23:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (06/23/2014 06:23:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (06/23/2014 06:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 06:12:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error: (06/23/2014 06:12:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (06/23/2014 06:12:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (06/23/2014 06:08:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 11:59:02 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.


System errors:
=============
Error: (06/23/2014 07:31:17 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Neočekávaná chyba. Kód chyby: 490@01010004

Error: (06/23/2014 06:21:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (06/23/2014 06:21:02 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (06/23/2014 06:09:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (06/23/2014 06:09:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (06/23/2014 11:56:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (06/23/2014 11:56:54 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (06/23/2014 11:45:14 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Neočekávaná chyba. Kód chyby: 490@01010004

Error: (06/23/2014 11:10:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (06/23/2014 11:10:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (02/27/2013 01:25:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3063.06 MB
Available physical RAM: 1804.52 MB
Total Pagefile: 6124.41 MB
Available Pagefile: 4758.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.1 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:342.45 GB) (Free:312.02 GB) NTFS
Drive d: (DATA) (Fixed) (Total:343.09 GB) (Free:163.17 GB) NTFS
Drive m: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 627552DA)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=343 GB) - (Type=07 NTFS)

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bitcoin viruses and more

#6 Post by vyosek »

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the licence terms are shown; press any key
  • A backup is created and then the scan runs
  • When the scan finishes a log appears; it is also saved in c:\JRT as JRT.txt. Paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears; it is also saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a woman and does not kiss her, who shuns merriment, take whip and stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Stephano
Visitor
Posts: 10
Registered: 23 Jun 2014 12:56

Re: Bitcoin viruses and more

#7 Post by Stephano »

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Steve Wonder on Út 24.06.2014 at 10:53:56,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ctoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53071B66-D0CA-4DBC-AA0B-65AB652EE6E8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Steve Wonder\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Út 24.06.2014 at 10:55:40,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I should also add that on today's start-up of the PC, rdl.exe briefly appeared among the processes but disappeared after a few minutes. During that start-up the CPU was at 30% for a few seconds. Since the process shut itself down, it is probably nothing serious. The PC was not restarted after the log was created.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bitcoin viruses and more

#8 Post by vyosek »

Run it through AdwCleaner as well :)

Stephano
Visitor
Posts: 10
Registered: 23 Jun 2014 12:56

Re: Bitcoin viruses and more

#9 Post by Stephano »

# AdwCleaner v3.213 - Report created 24/06/2014 at 11:17:47
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Steve Wonder - STEPHANO
# Running from : C:\Users\Steve Wonder\Desktop\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Steve Wonder\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Steve Wonder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV
File Deleted : C:\Users\Steve Wonder\AppData\Local\mysearchdial.crx

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v27.0 (cs)

[ File : C:\Users\Steve Wonder\AppData\Roaming\Mozilla\Firefox\Profiles\uvlmo93m.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "hxxp://www.trovigo.com/Results.aspx?gd=&ctid=C ... q={searchT[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [2865 octets] - [24/06/2014 11:16:42]
AdwCleaner[S0].txt - [2762 octets] - [24/06/2014 11:17:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2822 octets] ##########

Here is the log after the restart. It went rather quickly :)
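The JRT report in post #7 and the AdwCleaner report in post #9 both list every action one item per line, but in two different vocabularies and with two spellings of the registry hives. As an added example, not code from this forum or from either tool, here is a small Python parser that reads both formats into one structure, canonicalises registry paths so entries from the two tools compare equal, and summarises what was touched. The sample lines are copied from the two reports above except for the constructed `Service Deleted : ExampleSvc` line; reading AdwCleaner's leading `[#]` as "handled at the next reboot" is an assumption made here.

```python
import re
from collections import Counter

# Sample lines: all but the last are copied from the JRT and AdwCleaner
# reports posted in this thread; "Service Deleted : ExampleSvc" is a
# constructed line so the service branch is exercised too.
SAMPLE_LOG = r"""
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mysearchdial
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
~~~ Event Viewer Logs were cleared
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Folder Deleted : C:\Users\Steve Wonder\AppData\Roaming\eCyber
File Deleted : C:\Users\Steve Wonder\AppData\Local\mysearchdial.crx
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Service Deleted : ExampleSvc
"""

# JRT:        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
# AdwCleaner: Key Deleted : HKLM\Software\ICQ\ICQToolbar
#             (a leading "[#]" is assumed here to mark an item AdwCleaner
#             handles at the next reboot)
JRT_RE = re.compile(
    r'^Successfully (?P<action>deleted|repaired): '
    r'\[(?P<kind>[^\]]+)\] "?(?P<target>.+?)"?$')
ADW_RE = re.compile(
    r'^(?P<reboot>\[#\] )?'
    r'(?P<kind>Key|Value|Folder|File|Line|Setting|Service|Task|Shortcut) '
    r'(?P<action>Deleted|Restored) : (?P<target>.+)$')

# Map both tools' wording onto one vocabulary so reports can be compared.
KIND_MAP = {
    "registry key": "registry_key", "key": "registry_key",
    "registry value": "registry_value", "value": "registry_value",
    "folder": "folder", "file": "file", "line": "pref_line",
    "setting": "setting", "service": "service", "task": "task",
    "shortcut": "shortcut",
}
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}


def canonical_target(kind, target):
    """Normalise a target so the same registry path written by JRT
    (HKEY_LOCAL_MACHINE\\Software\\isafe) and by AdwCleaner
    (HKLM\\SOFTWARE\\isafe) compares equal. Registry paths are
    case-insensitive, so everything below the hive is lower-cased."""
    if kind not in ("registry_key", "registry_value"):
        return target
    hive, sep, rest = target.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return hive + sep + rest.lower()


def parse_line(line):
    """Return a dict for a JRT or AdwCleaner action line, else None."""
    line = line.strip()
    m = JRT_RE.match(line)
    if m:
        tool, reboot = "JRT", False
    else:
        m = ADW_RE.match(line)
        if not m:
            return None            # headers, separators, blank lines
        tool, reboot = "AdwCleaner", bool(m.group("reboot"))
    kind = KIND_MAP.get(m.group("kind").lower(), "other")
    return {
        "tool": tool,
        "action": m.group("action").lower(),
        "kind": kind,
        "target": canonical_target(kind, m.group("target")),
        "pending_reboot": reboot,
    }


def parse_report(text):
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def summarize(entries):
    """Counts per kind and per registry hive, plus anything that still
    needs a reboot to be removed (worth re-checking in a follow-up scan)."""
    registry = [e for e in entries if e["kind"].startswith("registry_")]
    return {
        "by_kind": dict(Counter(e["kind"] for e in entries)),
        "hives": dict(Counter(e["target"].split("\\", 1)[0] for e in registry)),
        "pending_reboot": [e["target"] for e in entries if e["pending_reboot"]],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Because targets are canonicalised, a key removed by JRT and again by AdwCleaner collapses to one identifier, which makes it easy to diff the two reports and to carry the `pending_reboot` items into the check of the follow-up FRST log.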

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bitcoin viruses and more

#10 Post by vyosek »

:arrow: That ran correctly

:arrow: Please post a new FRST log

Stephano
Visitor
Posts: 10
Registered: 23 Jun 2014 12:56

Re: Bitcoin viruses and more

#11 Post by Stephano »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Steve Wonder (administrator) on STEPHANO on 24-06-2014 11:26:19
Running from C:\Users\Steve Wonder\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) D:\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) D:\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => D:\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-29] (AVAST Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd= ... rms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {2F4EF942-1B10-410D-A874-9F166C0057C4} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12454
SearchScopes: HKCU - {3B61FB7B-44C8-43E2-8780-C3DDA67BCD6B} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {49404975-8451-409F-BBEF-96BBF48FEF65} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
SearchScopes: HKCU - {5C9464DB-1570-43B4-AD3C-5FCC41E39FD6} URL = http://www.firmy.cz/phr/{searchTerms}?s ... arch_12454
SearchScopes: HKCU - {7DCA2735-22C1-4DAB-9C90-62AE2765815F} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12454
SearchScopes: HKCU - {CF1307E2-6C11-4D86-B024-868439982F64} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Steve Wonder\AppData\Roaming\Mozilla\Firefox\Profiles\uvlmo93m.default
FF Homepage: www.google.cz/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Ubisoft\npuplaypc.dll No File
FF Extension: New Tab Homepage - C:\Users\Steve Wonder\AppData\Roaming\Mozilla\Firefox\Profiles\uvlmo93m.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-03-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-21]
FF StartMenuInternet: FIREFOX.EXE - d:\mozilla firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-29] (AVAST Software)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [120136 2012-11-20] (Intel Corporation)
S3 Microsoft Office Groove Audit Service; D:\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-07-19] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2013-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2013-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2013-12-29] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2013-12-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-20] (GFI Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-02-21] () [File not signed]
U3 azycmqp0; C:\Windows\system32\Drivers\azycmqp0.sys [0 ] (Microsoft Corporation)
S3 AmdLLD; system32\DRIVERS\AmdLLD.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 11:26 - 2014-06-24 11:26 - 00009489 _____ () C:\Users\Steve Wonder\Desktop\FRST.txt
2014-06-24 11:25 - 2014-06-24 11:25 - 01073152 _____ (Farbar) C:\Users\Steve Wonder\Desktop\FRST.exe
2014-06-24 11:16 - 2014-06-24 11:22 - 00000000 ____D () C:\AdwCleaner
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Steve Wonder\Desktop\adwcleaner_3.213.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 00002865 _____ () C:\Users\Steve Wonder\Desktop\AdwCleaner[R0].txt
2014-06-24 11:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-24 10:55 - 2014-06-24 10:55 - 00003462 _____ () C:\Users\Steve Wonder\Desktop\JRT.txt
2014-06-24 10:53 - 2014-06-24 10:53 - 01016261 _____ (Thisisu) C:\Users\Steve Wonder\Desktop\JRT.exe
2014-06-24 10:53 - 2014-06-24 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 21:29 - 2014-06-24 11:26 - 00000000 ____D () C:\FRST
2014-06-23 19:36 - 2014-06-23 19:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-23 12:07 - 2014-06-23 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 11:41 - 2014-06-23 11:41 - 00007597 _____ () C:\Users\Steve Wonder\AppData\Local\Resmon.ResmonCfg
2014-06-21 23:32 - 2014-06-21 23:32 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Uber Entertainment
2014-06-21 22:04 - 2014-06-18 22:42 - 00000618 _____ () C:\Users\Steve Wonder\Desktop\Prison Architect.lnk
2014-06-21 21:58 - 2014-06-21 21:58 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Introversion
2014-06-15 19:28 - 2014-06-15 19:28 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Adobe
2014-06-11 10:43 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 10:43 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 10:43 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:43 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:43 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:43 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:43 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 10:26 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 10:26 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 10:26 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 10:26 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 10:26 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 10:26 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 10:26 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 10:26 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 10:26 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 10:26 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 10:26 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 10:26 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 10:26 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 10:26 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 10:26 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 10:26 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 10:24 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 10:24 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-06-24 11:26 - 2014-06-24 11:26 - 00009489 _____ () C:\Users\Steve Wonder\Desktop\FRST.txt
2014-06-24 11:26 - 2014-06-23 21:29 - 00000000 ____D () C:\FRST
2014-06-24 11:25 - 2014-06-24 11:25 - 01073152 _____ (Farbar) C:\Users\Steve Wonder\Desktop\FRST.exe
2014-06-24 11:25 - 2009-07-14 06:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:25 - 2009-07-14 06:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:23 - 2010-11-20 23:01 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 11:22 - 2014-06-24 11:16 - 00000000 ____D () C:\AdwCleaner
2014-06-24 11:18 - 2013-05-20 22:56 - 00058419 _____ () C:\Windows\setupact.log
2014-06-24 11:18 - 2013-02-21 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-24 11:18 - 2013-02-21 16:00 - 01513050 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 11:18 - 2010-11-20 23:48 - 00369396 _____ () C:\Windows\PFRO.log
2014-06-24 11:18 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Steve Wonder\Desktop\adwcleaner_3.213.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 00002865 _____ () C:\Users\Steve Wonder\Desktop\AdwCleaner[R0].txt
2014-06-24 11:08 - 2013-02-21 16:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 10:55 - 2014-06-24 10:55 - 00003462 _____ () C:\Users\Steve Wonder\Desktop\JRT.txt
2014-06-24 10:53 - 2014-06-24 10:53 - 01016261 _____ (Thisisu) C:\Users\Steve Wonder\Desktop\JRT.exe
2014-06-24 10:53 - 2014-06-24 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 22:03 - 2013-02-21 16:38 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-23 19:36 - 2014-06-23 19:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-23 12:07 - 2014-06-23 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 11:41 - 2014-06-23 11:41 - 00007597 _____ () C:\Users\Steve Wonder\AppData\Local\Resmon.ResmonCfg
2014-06-23 10:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-06-22 22:11 - 2013-05-21 21:46 - 00000065 _____ () C:\Windows\wininit.ini
2014-06-22 20:26 - 2013-02-21 17:40 - 00002051 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-22 20:25 - 2013-02-21 16:23 - 00000000 ____D () C:\Users\Steve Wonder
2014-06-22 20:24 - 2014-05-18 19:32 - 00000000 ____D () C:\Program Files\EACom
2014-06-22 20:24 - 2013-02-23 00:19 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-22 20:24 - 2011-04-12 03:46 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-22 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-06-22 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-21 23:32 - 2014-06-21 23:32 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Uber Entertainment
2014-06-21 21:58 - 2014-06-21 21:58 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Introversion
2014-06-18 22:42 - 2014-06-21 22:04 - 00000618 _____ () C:\Users\Steve Wonder\Desktop\Prison Architect.lnk
2014-06-18 15:44 - 2013-02-24 04:36 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Roaming\vlc
2014-06-18 13:29 - 2013-02-24 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-06-18 13:29 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 09:03 - 2009-07-14 06:53 - 00032524 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-17 09:03 - 2009-07-14 06:53 - 00032524 _____ () C:\Windows\Tasks\SCHEDLGU(19).TXT
2014-06-15 19:28 - 2014-06-15 19:28 - 00000000 ____D () C:\Users\Steve Wonder\AppData\Local\Adobe
2014-06-12 16:31 - 2013-11-06 02:55 - 00000496 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-12 16:31 - 2013-11-06 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-12 16:19 - 2013-02-21 16:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 16:19 - 2013-02-21 16:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-11 10:48 - 2014-05-04 00:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 10:37 - 2013-07-13 03:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 10:37 - 2013-02-21 17:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 10:35 - 2013-02-21 22:38 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 10:48 - 2014-06-11 10:43 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 22:07 - 2014-04-21 13:51 - 00000693 _____ () C:\Users\Public\Desktop\FTL.lnk
2014-06-05 21:57 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-29 22:02 - 2013-02-22 00:07 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-28 18:48 - 2014-06-11 10:26 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-11 10:26 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-11 10:26 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-11 10:26 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-11 10:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-11 10:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-11 10:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-11 10:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 10:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 10:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 10:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 10:26 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 10:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-11 10:26 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 10:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 11:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

Some content of TEMP:
====================
C:\Users\Steve Wonder\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve Wonder\AppData\Local\Temp\SHSetup.exe
C:\Users\Steve Wonder\AppData\Local\Temp\_is7FF8.exe
C:\Users\Steve Wonder\AppData\Local\Temp\_isF630.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 12:59


==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bitcoin viruses and more

#12 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [GrooveMonitor] => D:\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd= ... 1D7AA9E&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    
    U3 azycmqp0; C:\Windows\system32\Drivers\azycmqp0.sys [0 ] (Microsoft Corporation)
    S3 AmdLLD; system32\DRIVERS\AmdLLD.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    
    C:\Program Files\Enigma Software Group
    2014-06-24 11:26 - 2014-06-24 11:26 - 00009489 _____ () C:\Users\Steve Wonder\Desktop\FRST.txt
    2014-06-24 11:16 - 2014-06-24 11:22 - 00000000 ____D () C:\AdwCleaner
    2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Steve Wonder\Desktop\adwcleaner_3.213.exe
    2014-06-24 11:16 - 2014-06-24 11:16 - 00002865 _____ () C:\Users\Steve Wonder\Desktop\AdwCleaner[R0].txt
    2014-06-24 11:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
    2014-06-24 10:55 - 2014-06-24 10:55 - 00003462 _____ () C:\Users\Steve Wonder\Desktop\JRT.txt
    2014-06-24 10:53 - 2014-06-24 10:53 - 01016261 _____ (Thisisu) C:\Users\Steve Wonder\Desktop\JRT.exe
    2014-06-24 10:53 - 2014-06-24 10:53 - 00000000 ____D () C:\Windows\ERUNT
    2014-06-22 22:11 - 2013-05-21 21:46 - 00000065 _____ () C:\Windows\wininit.ini
    C:\Users\Steve Wonder\AppData\Local\Temp\Quarantine.exe
    C:\Users\Steve Wonder\AppData\Local\Temp\SHSetup.exe
    C:\Users\Steve Wonder\AppData\Local\Temp\_is7FF8.exe
    C:\Users\Steve Wonder\AppData\Local\Temp\_isF630.exe
    
    Hosts:
    End
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post Fixlog.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
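The fixlist above is built by hand from the FRST log: the helper picks out services and drivers whose file is missing ([X]) or has zero size, unsigned kernel drivers, search scopes pointing at hijack domains, and stray executables in %TEMP%. The following script is an added example, not part of this thread and not FRST's own code; it parses those FRST line formats and applies the same triage rules automatically. The sample log is constructed from lines quoted in the thread, and the hijack-domain list (trovigo.com, conduit.com) is an assumption taken from the entries the helper removed.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of the forum thread or of FRST itself. It parses
the service/driver, SearchScopes and TEMP lines as they appear in an FRST
log and flags the entries a malware-removal helper would typically put in
a fixlist. SAMPLE_LOG is constructed from lines quoted in the thread."""
import re
from urllib.parse import urlparse

# Service/driver line: "<start> <name>; <path> [<size> <date>] (<vendor>) [flags]"
SERVICE_RE = re.compile(
    r"^(?P<type>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\]"
    r"(?: \((?P<vendor>[^)]*)\))?(?P<flags>.*)$"
)
# SearchScopes line: "SearchScopes: <hive> - [{clsid}] URL [=] <url>"
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>HK\w+) - (?:\{[^}]+\} )?"
    r"(?P<kind>URL|SuggestionsURL_JSON)(?: =)? (?P<url>https?://\S+)"
)
# Bare path lines from the "Some content of TEMP" section
TEMP_EXE_RE = re.compile(r"^[A-Z]:\\.*\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)

# Assumption for the example: domains the helper in the thread treated as search hijackers.
HIJACK_DOMAINS = {"trovigo.com", "conduit.com"}

# Constructed sample, assembled from lines quoted in the thread.
SAMPLE_LOG = r"""
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd= ... rms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-29] (AVAST Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-02-21] () [File not signed]
U3 azycmqp0; C:\Windows\system32\Drivers\azycmqp0.sys [0 ] (Microsoft Corporation)
S3 AmdLLD; system32\DRIVERS\AmdLLD.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-06-24 11:25 - 2014-06-24 11:25 - 01073152 _____ (Farbar) C:\Users\Steve Wonder\Desktop\FRST.exe
C:\Users\Steve Wonder\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve Wonder\AppData\Local\Temp\SHSetup.exe
"""


def host_matches(hostname, domains):
    """True when hostname is one of the domains or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def triage(log_text):
    """Return (category, item, reason) tuples for suspicious FRST entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            name, path, meta, flags = m["name"], m["path"], m["meta"], m["flags"]
            size = meta.split()
            if meta == "X":  # FRST marks a missing backing file with [X]
                findings.append(("service", name, "file missing, orphaned entry"))
            elif size and size[0] == "0":  # zero-byte driver file on disk
                findings.append(("service", name, "zero-byte file"))
            if "[File not signed]" in flags and path.lower().endswith(".sys"):
                findings.append(("service", name, "unsigned kernel driver"))
            continue
        m = SEARCHSCOPE_RE.match(line)
        if m:
            host = urlparse(m["url"]).hostname or ""
            if host_matches(host, HIJACK_DOMAINS):
                findings.append(("searchscope", host, "known search hijack domain"))
            continue
        if TEMP_EXE_RE.match(line):
            findings.append(("temp", line, "executable left in %TEMP%"))
    return findings


if __name__ == "__main__":
    for category, item, reason in triage(SAMPLE_LOG):
        print(f"{category:12s} {reason:32s} {item}")
```

The rules are deliberately narrow: an empty vendor field on its own (PnkBstrA, aswRvrt in the log above) is not flagged, because plenty of legitimate binaries carry no version resource, whereas a zero-byte driver or an [X] entry has no legitimate reason to stay in the registry.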

Stephano
Visitor
Posts: 10
Registered: 23 Jun 2014 12:56

Re: Bitcoin viruses and more

#13 Post by Stephano »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-06-2014
Ran by Steve Wonder at 2014-06-24 14:04:09 Run:1
Running from C:\Users\Steve Wonder\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
tart
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => D:\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://www.trovigo.com/Results.aspx?gd= ... 1D7AA9E&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

U3 azycmqp0; C:\Windows\system32\Drivers\azycmqp0.sys [0 ] (Microsoft Corporation)
S3 AmdLLD; system32\DRIVERS\AmdLLD.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

C:\Program Files\Enigma Software Group
2014-06-24 11:26 - 2014-06-24 11:26 - 00009489 _____ () C:\Users\Steve Wonder\Desktop\FRST.txt
2014-06-24 11:16 - 2014-06-24 11:22 - 00000000 ____D () C:\AdwCleaner
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Steve Wonder\Desktop\adwcleaner_3.213.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 00002865 _____ () C:\Users\Steve Wonder\Desktop\AdwCleaner[R0].txt
2014-06-24 11:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-24 10:55 - 2014-06-24 10:55 - 00003462 _____ () C:\Users\Steve Wonder\Desktop\JRT.txt
2014-06-24 10:53 - 2014-06-24 10:53 - 01016261 _____ (Thisisu) C:\Users\Steve Wonder\Desktop\JRT.exe
2014-06-24 10:53 - 2014-06-24 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 22:11 - 2013-05-21 21:46 - 00000065 _____ () C:\Windows\wininit.ini
C:\Users\Steve Wonder\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve Wonder\AppData\Local\Temp\SHSetup.exe
C:\Users\Steve Wonder\AppData\Local\Temp\_is7FF8.exe
C:\Users\Steve Wonder\AppData\Local\Temp\_isF630.exe

Hosts:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://www.trovigo.com/Results.aspx?gd= ... => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... => Value not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
azycmqp0 => Service deleted successfully.
AmdLLD => Service deleted successfully.
esgiguard => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\Steve Wonder\Desktop\FRST.txt => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Steve Wonder\Desktop\adwcleaner_3.213.exe => Moved successfully.
C:\Users\Steve Wonder\Desktop\AdwCleaner[R0].txt => Moved successfully.
C:\Windows\system32\sqlite3.dll => Moved successfully.
C:\Users\Steve Wonder\Desktop\JRT.txt => Moved successfully.
C:\Users\Steve Wonder\Desktop\JRT.exe => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Windows\wininit.ini => Moved successfully.
C:\Users\Steve Wonder\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Steve Wonder\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Steve Wonder\AppData\Local\Temp\_is7FF8.exe => Moved successfully.
C:\Users\Steve Wonder\AppData\Local\Temp\_isF630.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

I will add that I can send a picture showing the Avast result that I mentioned in my first message.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bitcoin viruses and more

#14 Post by vyosek »

:arrow: The log already looks clean and FRST did what it was supposed to...

:arrow: Are there any problems with the PC now :???:

Stephano
Visitor
Posts: 10
Registered: 23 Jun 2014 12:56

Re: Bitcoin viruses and more

#15 Post by Stephano »

There are no visible problems. Only Avast shows the report with the files I mentioned. When I tried SpyHunter, the vast majority of what it found were toolbars; only a few items looked like actual malware. I did not remove anything, though, not even registry entries. If the log looks fine, I am more at ease. To be safe, I will reinstall Windows anyway. Should I send you the Avast picture in a WinRAR archive so you can take a look?
Last edited by Stephano on 24 Jun 2014 13:34, edited 2 times in total.

Locked