
VIRTOOL:WIN32/obfuscator.xz

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

VIRTOOL:WIN32/obfuscator.xz

#1 Post by Šnajdr »

Hello, I have a problem removing the worm mentioned above, or whatever it is. Microsoft Security Essentials identified the object as risky, but it cannot be removed... the antivirus always freezes. And the PC is generally sluggish... the browser crashes... it takes a long time to load. Thank you for any advice.


Logfile of random's system information tool 1.10 (written by random/random)
Run by preshing at 2015-01-27 20:42:47
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 124 GB (26%) free of 477 GB
Total RAM: 6143 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:42:58, on 27.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\preshing.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6770 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\Windows\system32\HPSIsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 88ad1d5a-b61c-42fd-97f8-67e4ec0ded71 1
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
\??\C:\Windows\system32\conhost.exe "-656631429-1171360976-119740244-712177183511211649287009902-6184754171386101423
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "186147528121179607721228922737-8933561922134558957-53641616630966807-2025798807
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
WLIDSvcM.exe 1204
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dfc9825f-41ca-49aa-a668-1c69a9b470ce -SystemEventPortName:HostProcess-68ccd2dc-c81a-4b74-84bd-fb338d0509eb -IoCancelEventPortName:HostProcess-78860ca4-1564-438b-9594-8f07a906ef22 -NonStateChangingEventPortName:HostProcess-6157ad90-9067-46ac-885e-f058c51afac5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6333bb3e-c3c2-40d2-a05b-7a86b38b4a8c
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\preshing\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\preshing\AppData\Roaming\Mozilla\Firefox\Profiles\38977qqp.default-1420387755293

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-09-17 2461504]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-09-17 2799784]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"=C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2013-01-17 267792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-27 20:42:47 ----D---- C:\rsit
2015-01-27 20:42:47 ----D---- C:\Program Files\trend micro
2015-01-26 22:56:24 ----D---- C:\ProgramData\e4c649400004eb3
2015-01-26 19:04:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-25 21:44:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2015-01-23 08:11:01 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-01-23 08:08:45 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvopencl.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvoglv64.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvinitx.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\NvIFR64.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvhdap64.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\NvFBC64.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvdispco6434725.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvcuvid.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\nvcuda.dll
2015-01-23 08:08:45 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-01-23 08:08:45 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2015-01-23 08:08:44 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-01-23 08:08:44 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-01-23 08:08:44 ----A---- C:\Windows\system32\nvcompiler.dll
2015-01-21 12:39:56 ----A---- C:\Windows\system32\HPSIsvc.exe
2015-01-21 12:39:09 ----A---- C:\Windows\system32\HP1100SM.EXE
2015-01-21 12:39:09 ----A---- C:\Windows\system32\HP1100LM.DLL
2015-01-21 12:38:45 ----A---- C:\Windows\system32\mvhlewsi.dll
2015-01-21 12:38:43 ----D---- C:\Program Files\HP
2015-01-21 12:38:42 ----A---- C:\Windows\system32\drivers\mvusbews.sys
2015-01-21 12:38:40 ----A---- C:\Windows\system32\mvusbews.dll
2015-01-21 12:38:39 ----A---- C:\Windows\system32\HP1100SMs.dll
2015-01-20 12:20:02 ----D---- C:\Program Files (x86)\Google
2015-01-15 22:24:42 ----D---- C:\Windows\Minidump
2015-01-15 10:32:31 ----D---- C:\ProgramData\BesetSavEForYou
2015-01-15 10:31:59 ----D---- C:\ProgramData\NEwSaaver
2015-01-14 10:33:28 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:33:28 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 10:33:27 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 10:33:27 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-14 10:33:27 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 10:33:27 ----A---- C:\Windows\system32\nlaapi.dll
2015-01-14 10:33:27 ----A---- C:\Windows\system32\ncsi.dll
2015-01-14 10:33:25 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-14 10:33:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-14 10:33:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 10:33:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:33:21 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-14 10:33:21 ----A---- C:\Windows\system32\srcore.dll
2015-01-14 10:33:21 ----A---- C:\Windows\system32\srclient.dll
2015-01-14 10:33:21 ----A---- C:\Windows\system32\rstrui.exe
2015-01-09 15:24:01 ----D---- C:\ProgramData\7sAve
2015-01-09 15:23:32 ----D---- C:\ProgramData\coinsaAve
2015-01-08 13:08:40 ----D---- C:\ProgramData\FuenDeals
2015-01-08 13:08:18 ----D---- C:\ProgramData\DigiSeaverr
2014-12-31 15:15:08 ----D---- C:\Windows\Migration
2014-12-31 15:06:59 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2014-12-31 15:06:59 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2014-12-31 15:06:59 ----A---- C:\Windows\system32\XAudio2_7.dll
2014-12-31 15:06:59 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2014-12-31 15:06:58 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2014-12-31 15:06:58 ----A---- C:\Windows\system32\xactengine3_7.dll
2014-12-31 15:06:57 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2014-12-31 15:06:57 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2014-12-31 15:06:56 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2014-12-31 15:06:56 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2014-12-31 15:06:56 ----A---- C:\Windows\system32\d3dx11_43.dll
2014-12-31 15:06:56 ----A---- C:\Windows\system32\d3dcsx_43.dll
2014-12-31 15:06:55 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2014-12-31 15:06:55 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2014-12-31 15:06:55 ----A---- C:\Windows\system32\D3DX9_43.dll
2014-12-31 15:06:55 ----A---- C:\Windows\system32\d3dx10_43.dll
2014-12-31 15:06:54 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2014-12-31 15:06:54 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2014-12-31 15:06:54 ----A---- C:\Windows\system32\XAudio2_6.dll
2014-12-31 15:06:54 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2014-12-31 15:06:53 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2014-12-31 15:06:53 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2014-12-31 15:06:53 ----A---- C:\Windows\system32\xactengine3_6.dll
2014-12-31 15:06:53 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2014-12-31 10:12:45 ----D---- C:\ProgramData\11606907315732743215
2014-12-30 09:40:42 ----D---- C:\ProgramData\ReguluarDeeaels
2014-12-30 09:40:18 ----D---- C:\ProgramData\NewSaver

======List of files/folders modified in the last 1 month======

2015-01-27 20:42:47 ----RD---- C:\Program Files
2015-01-27 20:39:54 ----D---- C:\Windows\Temp
2015-01-27 20:34:31 ----D---- C:\Windows\System32
2015-01-27 20:34:31 ----D---- C:\Windows\inf
2015-01-27 20:34:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-27 20:32:56 ----SHD---- C:\System Volume Information
2015-01-27 20:28:25 ----D---- C:\ProgramData\NVIDIA
2015-01-27 19:48:15 ----D---- C:\Windows
2015-01-27 00:34:17 ----D---- C:\Windows\system32\config
2015-01-26 22:58:39 ----RD---- C:\Program Files (x86)
2015-01-26 22:57:02 ----D---- C:\ProgramData\a11404b52722042f
2015-01-26 22:56:24 ----HD---- C:\ProgramData
2015-01-26 22:54:13 ----D---- C:\Windows\system32\Tasks
2015-01-26 22:53:48 ----D---- C:\Windows\Prefetch
2015-01-26 22:41:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 21:44:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-25 21:44:01 ----D---- C:\Windows\SysWOW64
2015-01-25 20:13:02 ----D---- C:\Windows\system32\NDF
2015-01-23 08:10:58 ----D---- C:\Windows\system32\DriverStore
2015-01-23 08:10:55 ----D---- C:\Windows\system32\drivers
2015-01-23 08:09:51 ----D---- C:\Windows\system32\catroot2
2015-01-21 12:44:10 ----D---- C:\Windows\system32\FxsTmp
2015-01-21 12:38:47 ----SHD---- C:\Windows\Installer
2015-01-14 21:02:46 ----D---- C:\Windows\winsxs
2015-01-14 17:07:35 ----D---- C:\Windows\system32\MRT
2015-01-14 17:04:47 ----A---- C:\Windows\system32\MRT.exe
2015-01-13 10:07:22 ----D---- C:\Users\preshing\AppData\Roaming\ESTsoft
2015-01-13 05:15:56 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2015-01-10 09:07:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-01-10 09:07:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-01-10 09:07:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-01-10 09:07:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-01-10 09:07:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-01-10 00:30:01 ----A---- C:\Windows\system32\nvsvc64.dll
2015-01-10 00:30:01 ----A---- C:\Windows\system32\nvcpl.dll
2015-01-10 00:29:53 ----A---- C:\Windows\system32\nvvsvc.exe
2015-01-10 00:29:53 ----A---- C:\Windows\system32\nvsvcr.dll
2015-01-10 00:29:52 ----A---- C:\Windows\system32\nvshext.dll
2015-01-10 00:29:52 ----A---- C:\Windows\system32\nvmctray.dll
2015-01-09 15:42:44 ----D---- C:\ProgramData\3872871776
2015-01-09 15:42:24 ----D---- C:\Windows\Tasks
2015-01-02 11:21:10 ----D---- C:\Windows\Microsoft.NET
2015-01-02 03:04:15 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-12-31 15:22:38 ----D---- C:\ProgramData\Package Cache
2014-12-31 15:18:39 ----RSD---- C:\Windows\assembly
2014-12-31 15:15:14 ----D---- C:\Windows\SYSWOW64\en-US
2014-12-31 15:15:14 ----D---- C:\Windows\system32\en-US
2014-12-31 15:15:08 ----SD---- C:\ProgramData\Microsoft
2014-12-31 14:59:55 ----D---- C:\Games
2014-12-31 14:20:59 ----D---- C:\Users\preshing\AppData\Roaming\uTorrent
2014-12-31 12:14:31 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-08 283064]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-01-13 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-09-17 20288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-09-04 38048]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [2012-12-10 44544]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2011-04-04 20480]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2013-01-03 78336]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-09-17 1149760]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2011-05-11 126520]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-09-17 1796928]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-09-17 19440960]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-10 935056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-01-09 410768]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 Blackberry Device Manager;BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-18 577536]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-26 114800]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-06 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119678
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: VIRTOOL:WIN32/obfuscator.xz

#2 Post by Rudy »

Hello!
Run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#3 Post by Šnajdr »

Thank you for your willingness to help. Here is the scan that the program mentioned above produced.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.1.2015
Scan Time: 21:11:10
Logfile: scan 1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.27.09
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: preshing

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370278
Time Elapsed: 9 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}, , [610414e86e1b8caac7fc9a4360a1bf41],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.EnjoyCoupon.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}, , [c79e708cf198fe387021c1aedd267e82],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 14
Rogue.Multiple, C:\ProgramData\3872871776, , [ee7759a3d6b31125b3c1f1411ee5c23e],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, , [77ee4eae3e4bf6407eeafb5c14efb24e],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, , [77ee4eae3e4bf6407eeafb5c14efb24e],
PUP.Optional.Booster.A, C:\ProgramData\Trusted Publisher\GS_Booster, , [e77e36c698f1f34380083623e61d1ee2],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [b4b19e5e751441f5398ae475d1321be5],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, , [b4b19e5e751441f5398ae475d1321be5],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [b4b19e5e751441f5398ae475d1321be5],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, C:\ProgramData\Isaver, , [1253a25a5a2f1e18c4ab61fbb35039c7],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraCoupon, , [b0b5bf3d95f49b9b47638cdb6a99c040],
PUP.Optional.GoSave.A, C:\ProgramData\GoSave, , [c89d4fad2b5ece68f318dd8cb44f8977],
PUP.Optional.RandomPrice.A, C:\ProgramData\RandomPrice, , [70f5cb311e6ba88ec7dff974c43f9c64],
PUP.Optional.EnjoyCoupon.A, C:\ProgramData\EnjoyCoupon, , [c79e708cf198fe387021c1aedd267e82],
PUP.Optional.FunDeals.A, C:\ProgramData\FunDeals, , [adb84cb0ea9f191d34a06f071be8c040],

Files: 29
Trojan.Agent, C:\ProgramData\ExstraCoupon\Oue83ImotxZYAl.exe, , [362ffb01cdbc3303b7b3f40f51b1ff01],
PUP.Optional.MultiPlug, C:\ProgramData\GoSave\AuO01ToLhzN6njo.exe, , [610414e86e1b8caac7fc9a4360a1bf41],
Trojan.Agent, C:\ProgramData\RegularDeals\vs2nzQoATtRsc6.exe, , [a6bfeb11890089ad86e426dd778b49b7],
PUP.Optional.CrossRider.A, C:\Users\preshing\AppData\Roaming\VPSI.exe, , [a9bc4daf6029c076664f43988a7b7d83],
PUP.Optional.MultiPlug, C:\Users\preshing\AppData\Local\Temp\E1De8d7470Cf.exe, , [d88d6d8f04850e281c3612d7679a3fc1],
PUP.Optional.MultiPlug.A, C:\Users\preshing\AppData\Local\Temp\72d72.exe, , [6401e319f594f73fdae820e95aa8649c],
PUP.Optional.WindowsProtectManger.A, C:\Users\preshing\AppData\Local\Temp\{3D2B3714-F20B-486C-81A2-1949BAE31CF2}_AZ\{50472A36-E0E1-4508-9D19-10C009DF99E4}_DYG\tmp\wpm_v20.0.0.1277.exe, , [372e9d5f484174c25aa1d6f0e51cc040],
PUP.Optional.OpenCandy, C:\Users\preshing\AppData\Local\Temp\nsq1F16.tmp\DTLite.exe, , [98cdb04c5237d561c430ceff40c542be],
PUP.Optional.MultiPlug.A, C:\Users\preshing\AppData\Local\Temp\fDB55\temp\Sims4-Origins.exe.exe, , [ce9775873059ab8bedd5be4b9a68ea16],
PUP.Optional.MultiPlug, C:\Users\preshing\AppData\Local\Temp\955B992\temp\extIE_setup.exe, , [2e3719e38aff270f4c776f6eb948b848],
PUP.Optional.MultiPlug, C:\Users\preshing\AppData\Local\Temp\955B992\temp\setupespl.exe, , [481d21db41480333ae15d805cf32926e],
Trojan.Downloader, C:\Users\preshing\AppData\Local\Temp\955B992\temp\usetup.exe, , [056009f3ea9f65d1d9d339aca161b749],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, , [f07563997316fc3a4a715362af5416ea],
PUP.Optional.ISearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml, , [ec794daf7811ca6c290c7275e61e8f71],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, , [b0b5867619703402653ccb2d6e96ff01],
Rogue.Multiple, C:\ProgramData\3872871776\BIT6AC6.tmp, , [ee7759a3d6b31125b3c1f1411ee5c23e],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [77ee4eae3e4bf6407eeafb5c14efb24e],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-10-08[18-32-14-494].log, , [b4b19e5e751441f5398ae475d1321be5],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [b4b19e5e751441f5398ae475d1321be5],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals\vs2nzQoATtRsc6.dat, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals\vs2nzQoATtRsc6.exe, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals\vs2nzQoATtRsc6.tlb, , [aeb752aa26630f27f6b62f2beb187e82],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraCoupon\Oue83ImotxZYAl.dat, , [b0b5bf3d95f49b9b47638cdb6a99c040],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraCoupon\Oue83ImotxZYAl.exe, , [b0b5bf3d95f49b9b47638cdb6a99c040],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraCoupon\Oue83ImotxZYAl.tlb, , [b0b5bf3d95f49b9b47638cdb6a99c040],
PUP.Optional.EnjoyCoupon.A, C:\ProgramData\EnjoyCoupon\qn9gkwPe1QIyoM.exe, , [c79e708cf198fe387021c1aedd267e82],
PUP.Optional.EnjoyCoupon.A, C:\ProgramData\EnjoyCoupon\qn9gkwPe1QIyoM.tlb, , [c79e708cf198fe387021c1aedd267e82],
PUP.Optional.FunDeals.A, C:\ProgramData\FunDeals\1CGEmVkXRLLad8.exe, , [adb84cb0ea9f191d34a06f071be8c040],
PUP.Optional.FunDeals.A, C:\ProgramData\FunDeals\1CGEmVkXRLLad8.tlb, , [adb84cb0ea9f191d34a06f071be8c040],

Physical Sectors: 0
(No malicious items detected)


(end)

Rudy
Site Admin
Posts: 119678
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: VIRTOOL:WIN32/obfuscator.xz

#4 Post by Rudy »

Delete everything that MBAM found and then post an FRST log:

download FRST: http://forum.viry.cz/viewtopic.php?f=24&t=132509 and save it to the desktop. Run it and click >Scan<. When the scan finishes a log will appear; copy it here.

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#5 Post by Šnajdr »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by preshing (administrator) on PRESHING-PC on 27-01-2015 21:39:44
Running from C:\Users\preshing\Desktop
Loaded Profiles: preshing (Available profiles: preshing)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(forum.viry.cz) C:\Users\preshing\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKU\S-1-5-21-1601116588-1914785365-4272034699-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1601116588-1914785365-4272034699-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1601116588-1914785365-4272034699-1000\...\MountPoints2: {681f940d-a146-11e4-b096-00235435603b} - J:\SISetup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\preshing\AppData\Roaming\Mozilla\Firefox\Profiles\38977qqp.default-1420387755293
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin HKU\S-1-5-21-1601116588-1914785365-4272034699-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Greasemonkey - C:\Users\preshing\AppData\Roaming\Mozilla\Firefox\Profiles\38977qqp.default-1420387755293\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-01-11]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\preshing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GoSave) - C:\Users\preshing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikcfjjnagoahgbcmbedlcldmibabcpm [2014-11-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-08] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 21:39 - 2015-01-27 21:40 - 00009227 _____ () C:\Users\preshing\Desktop\FRST.txt
2015-01-27 21:39 - 2015-01-27 21:39 - 00000000 ____D () C:\FRST
2015-01-27 21:37 - 2015-01-27 21:37 - 02129920 _____ (Farbar) C:\Users\preshing\Desktop\FRST64.exe
2015-01-27 21:37 - 2015-01-27 21:37 - 00112640 _____ (forum.viry.cz) C:\Users\preshing\Desktop\FRSTLauncher.exe
2015-01-27 21:21 - 2015-01-27 21:21 - 00007374 _____ () C:\Users\preshing\Desktop\scan 1.txt
2015-01-27 21:10 - 2015-01-27 21:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 21:10 - 2015-01-27 21:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 21:10 - 2015-01-27 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 21:10 - 2015-01-27 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 21:10 - 2015-01-27 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-27 21:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 21:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 21:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 21:09 - 2015-01-27 21:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\preshing\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-27 20:42 - 2015-01-27 20:42 - 01222144 _____ () C:\Users\preshing\Downloads\RSITx64.exe
2015-01-27 20:42 - 2015-01-27 20:42 - 00000000 ____D () C:\rsit
2015-01-27 20:42 - 2015-01-27 20:42 - 00000000 ____D () C:\Program Files\trend micro
2015-01-27 20:41 - 2015-01-27 20:41 - 00112107 _____ (forum.viry.cz) C:\Users\preshing\Downloads\VerzeOS.exe
2015-01-26 22:56 - 2015-01-26 22:56 - 00000000 ____D () C:\ProgramData\e4c649400004eb3
2015-01-26 22:54 - 2015-01-26 22:54 - 00003140 _____ () C:\Windows\System32\Tasks\{9C5FA9D8-E1E6-4DED-9C87-B765B25D01DF}
2015-01-26 20:37 - 2015-01-26 20:37 - 00000000 ____D () C:\Users\preshing\Desktop\2015_01_24-Kesky_Michal
2015-01-26 19:04 - 2015-01-26 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 22:43 - 2015-01-25 22:45 - 749387776 _____ () C:\Users\preshing\Downloads\Bez dechu novinky (2011) CZ dabing.avi
2015-01-25 21:44 - 2015-01-25 21:44 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-23 08:11 - 2015-01-09 23:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 08:08 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 08:08 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 08:08 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 08:08 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-21 12:39 - 2015-01-21 12:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01007.Wdf
2015-01-21 12:39 - 2015-01-21 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-21 12:39 - 2011-05-11 12:21 - 00126520 _____ (HP) C:\Windows\system32\HPSIsvc.exe
2015-01-21 12:39 - 2011-04-02 16:05 - 01696256 _____ () C:\Windows\system32\HP1100SM.EXE
2015-01-21 12:39 - 2011-04-02 16:05 - 00290304 _____ () C:\Windows\system32\HP1100LM.DLL
2015-01-21 12:38 - 2015-01-21 12:38 - 00000000 ____D () C:\Program Files\HP
2015-01-21 12:38 - 2011-04-04 15:25 - 00082944 _____ () C:\Windows\system32\mvusbews.dll
2015-01-21 12:38 - 2011-04-04 15:25 - 00050688 _____ () C:\Windows\system32\HP1100SMs.dll
2015-01-21 12:38 - 2011-04-04 15:25 - 00020480 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvusbews.sys
2015-01-21 12:38 - 2011-04-02 23:12 - 00350720 _____ () C:\Windows\system32\mvhlewsi.dll
2015-01-20 12:20 - 2015-01-20 12:20 - 00002212 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2015-01-20 12:20 - 2015-01-20 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-01-20 12:20 - 2015-01-20 12:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 11:22 - 2015-01-20 11:22 - 25469280 _____ () C:\Users\preshing\Downloads\GoogleEarthWin.exe
2015-01-15 22:24 - 2015-01-27 19:48 - 720096527 _____ () C:\Windows\MEMORY.DMP
2015-01-15 22:24 - 2015-01-27 19:48 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 10:32 - 2015-01-27 00:24 - 00000000 ____D () C:\ProgramData\BesetSavEForYou
2015-01-15 10:31 - 2015-01-27 00:24 - 00000000 ____D () C:\ProgramData\NEwSaaver
2015-01-14 10:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:33 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 10:33 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 10:33 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 10:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:33 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 10:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 10:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 10:33 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 10:33 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 16:51 - 2015-01-21 10:57 - 00000000 ____D () C:\Users\preshing\Desktop\u Austisu (GC5JCGP)
2015-01-13 10:07 - 2015-01-13 10:22 - 00000000 ____D () C:\Users\preshing\Desktop\2015_01-Kesky_Nebusice
2015-01-09 15:24 - 2015-01-09 15:45 - 00000000 ____D () C:\ProgramData\7sAve
2015-01-09 15:23 - 2015-01-09 15:45 - 00000000 ____D () C:\ProgramData\coinsaAve
2015-01-08 13:08 - 2015-01-09 15:23 - 00000000 ____D () C:\ProgramData\FuenDeals
2015-01-08 13:08 - 2015-01-09 15:23 - 00000000 ____D () C:\ProgramData\DigiSeaverr
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ____D () C:\Users\preshing\Documents\Electronic Arts
2014-12-31 15:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-31 15:06 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-31 15:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-31 15:06 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-31 15:06 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-31 15:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-31 15:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-31 15:06 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-31 15:01 - 2014-12-31 15:45 - 531492513 _____ () C:\Users\preshing\Desktop\Sim4-Offline-patch-2_DLC.exe
2014-12-31 14:59 - 2014-12-31 14:59 - 00001783 _____ () C:\Users\preshing\Desktop\Play The Sims 4.lnk
2014-12-31 14:51 - 2014-12-31 14:51 - 07194312 _____ (Microsoft Corporation) C:\Users\preshing\Desktop\vcredist_x64(1).exe
2014-12-31 14:51 - 2014-12-31 14:51 - 06503984 _____ (Microsoft Corporation) C:\Users\preshing\Desktop\vcredist_x86(2).exe
2014-12-31 14:51 - 2014-12-31 14:51 - 01420840 _____ (Microsoft Corporation) C:\Users\preshing\Desktop\vcredist_arm(1).exe
2014-12-31 14:50 - 2014-12-31 14:50 - 07186992 _____ (Microsoft Corporation) C:\Users\preshing\Desktop\vcredist_x64.exe
2014-12-31 14:50 - 2014-12-31 14:50 - 06554576 _____ (Microsoft Corporation) C:\Users\preshing\Desktop\vcredist_x86(1).exe
2014-12-31 14:50 - 2014-12-31 14:50 - 01453976 _____ (Microsoft Corporation) C:\Users\preshing\Desktop\vcredist_arm.exe
2014-12-31 14:49 - 2014-12-31 14:49 - 04995416 _____ (Microsoft Corporation) C:\Users\preshing\Desktop\vcredist_x86.exe
2014-12-31 14:21 - 2014-12-31 14:49 - 338282190 _____ () C:\Users\preshing\Desktop\Framework_35-45.exe
2014-12-31 13:54 - 2014-12-31 14:17 - 275422061 _____ () C:\Users\preshing\Desktop\DX_patch.exe
2014-12-31 10:59 - 2014-12-31 11:42 - 530723544 _____ () C:\Users\preshing\Desktop\Sim4-update3-DLC-CrashFIX.exe
2014-12-31 10:17 - 2014-12-31 10:33 - 00000000 ____D () C:\Users\preshing\Desktop\The Sims 4 (Origin) PC full game + DLC ^^nosTEAM^^
2014-12-31 10:12 - 2014-12-31 10:12 - 00000000 ____D () C:\ProgramData\11606907315732743215
2014-12-30 09:40 - 2015-01-09 15:23 - 00000000 ____D () C:\ProgramData\ReguluarDeeaels
2014-12-30 09:40 - 2015-01-09 15:23 - 00000000 ____D () C:\ProgramData\NewSaver
2014-12-28 23:55 - 2014-12-28 23:57 - 702219560 _____ () C:\Users\preshing\Downloads\Proklety ostrov - 2010 cz.avi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 21:36 - 2014-10-03 13:20 - 01582506 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 21:33 - 2014-11-04 23:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 21:33 - 2010-11-21 04:47 - 00161018 _____ () C:\Windows\PFRO.log
2015-01-27 21:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 21:33 - 2009-07-14 05:51 - 00027327 _____ () C:\Windows\setupact.log
2015-01-27 21:31 - 2014-11-07 10:28 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2015-01-27 20:44 - 2014-11-18 06:40 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 20:36 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 20:36 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 20:34 - 2011-04-12 09:34 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2015-01-27 20:34 - 2011-04-12 09:34 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2015-01-27 20:34 - 2009-07-14 06:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 22:57 - 2014-11-07 10:26 - 00000000 ____D () C:\ProgramData\a11404b52722042f
2015-01-26 22:41 - 2014-11-02 19:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 21:44 - 2014-11-18 06:40 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 21:44 - 2014-10-06 22:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 21:44 - 2014-10-06 22:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 20:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-25 01:48 - 2014-12-03 17:40 - 00000000 ____D () C:\Users\preshing\Desktop\Kešky-foto
2015-01-23 08:11 - 2014-10-03 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-21 13:11 - 2014-12-08 19:25 - 00000000 ____D () C:\Users\preshing\Desktop\nocni NFC cache
2015-01-21 12:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-20 12:20 - 2014-11-07 10:26 - 00000000 ____D () C:\Users\preshing\AppData\Local\Google
2015-01-14 17:07 - 2014-10-06 19:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:04 - 2014-10-06 19:01 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 10:07 - 2014-10-08 20:12 - 00000000 ____D () C:\Users\preshing\AppData\Roaming\ESTsoft
2015-01-13 05:15 - 2014-11-04 23:43 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-10 09:07 - 2014-11-04 23:43 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 09:07 - 2014-11-04 23:43 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 09:07 - 2014-11-04 23:43 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 09:07 - 2014-11-04 23:43 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-10 09:07 - 2014-10-03 13:44 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-10 09:07 - 2014-10-03 13:44 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-01-10 00:30 - 2014-11-04 23:45 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-10 00:30 - 2014-11-04 23:45 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-10 00:29 - 2014-11-04 23:45 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-10 00:29 - 2014-11-04 23:45 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-10 00:29 - 2014-11-04 23:45 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-10 00:29 - 2014-11-04 23:45 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 20:47 - 2014-11-04 23:45 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-04 16:28 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\preshing\AppData\Local\Adobe
2015-01-02 03:04 - 2014-10-06 17:58 - 01559268 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-31 15:22 - 2014-11-28 09:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-31 15:06 - 2014-10-06 18:16 - 00156289 _____ () C:\Windows\DirectX.log
2014-12-31 14:59 - 2014-10-06 18:15 - 00000000 ____D () C:\Games
2014-12-31 14:20 - 2014-10-08 16:41 - 00000000 ____D () C:\Users\preshing\AppData\Roaming\uTorrent
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\preshing\AppData\Roaming\QTGHKH
2014-11-16 23:28 - 2014-11-16 23:57 - 0000154 _____ () C:\Users\preshing\AppData\Roaming\Rim.Desktop.Exception.log
2014-11-16 23:27 - 2014-11-16 23:27 - 0001153 _____ () C:\Users\preshing\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-11-16 23:28 - 2014-11-16 23:57 - 0000154 _____ () C:\Users\preshing\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\preshing\AppData\Roaming\VPSI

Some content of TEMP:
====================
C:\Users\preshing\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\preshing\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\preshing\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\preshing\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\preshing\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\preshing\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\preshing\AppData\Local\Temp\nvStInst.exe
C:\Users\preshing\AppData\Local\Temp\siinst.exe
C:\Users\preshing\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 21:44




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:121 GB) NTFS

Available physical RAM: 4439.55 MB
Total physical RAM: 6143.12 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FA47FA47)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan created by FRSTLauncher ===***===***===***===
FRSTLauncher last updated: 25_11_2013 (01)
Modification script last updated: 30_09_2013 (01)


***** Size of "Desktop" *****

The folder "C:\Users\preshing\Desktop" is 185028 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
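The log above is where the helper's answer comes from: a reader picks out the folders with random hex or numeric names dropped straight under C:\ProgramData, the extension-less files sitting in the root of AppData\Roaming, and anything executable with no version information in a user-writable path. The script below is an added illustration of that triage, written for this thread; it is not part of FRST or of the forum's FRSTLauncher tooling. Its sample input is copied from the FRST lines above, except the last line (siinst.exe in the Temp folder, which the log only lists by path), which is constructed in the same format. The function names, the name-length threshold and the list of extensions are the example's own choices. Note that FRST's company column is the CompanyName from the file's version resource, not a signature check; the signature check is the separate "Bamital & volsnap Check" section.

```python
"""Parse FRST 'Created/Modified Files and Folders' lines and flag the entries
worth a second look.  Added illustration for this thread; not FRST's own code."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST file line:  created - modified - size attrs (Company) path
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<company>.*?)\) (?P<path>.+)$"
)
# Names made only of hex digits (pure-digit names included), 12+ characters.
# Threshold chosen for this example, not taken from FRST.
_RANDOM_NAME = re.compile(r"[0-9a-fA-F]{12,}")
_EXEC_EXT = {".exe", ".dll", ".sys", ".scr"}

# Sample input: lines copied from the FRST log in this thread, plus ONE
# constructed line in the same format (the final siinst.exe entry).
SAMPLE_LOG = r"""
2014-12-31 10:12 - 2014-12-31 10:12 - 00000000 ____D () C:\ProgramData\11606907315732743215
2014-12-30 09:40 - 2015-01-09 15:23 - 00000000 ____D () C:\ProgramData\NewSaver
2015-01-27 21:33 - 2014-11-04 23:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-26 22:57 - 2014-11-07 10:26 - 00000000 ____D () C:\ProgramData\a11404b52722042f
2015-01-25 21:44 - 2014-10-06 22:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\preshing\AppData\Roaming\QTGHKH
2014-11-16 23:28 - 2014-11-16 23:57 - 0000154 _____ () C:\Users\preshing\AppData\Roaming\Rim.Desktop.Exception.log
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\preshing\AppData\Roaming\VPSI
2015-01-10 12:00 - 2015-01-10 12:00 - 00098304 _____ () C:\Users\preshing\AppData\Local\Temp\siinst.exe
"""


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    is_dir: bool
    company: str   # CompanyName from the version resource; empty when absent
    path: str


def parse_line(line: str) -> Optional[FrstEntry]:
    """Parse one FRST file/folder line; return None for headers and other text."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return FrstEntry(created=m["created"], modified=m["modified"],
                     size=int(m["size"]), is_dir="D" in m["attrs"],
                     company=m["company"], path=m["path"])


def parse_log(text: str) -> List[FrstEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reasons(e: FrstEntry) -> List[str]:
    """Why this entry deserves attention; an empty list means nothing noteworthy."""
    out: List[str] = []
    parent = ntpath.dirname(e.path).lower()
    name = ntpath.basename(e.path)
    ext = ntpath.splitext(name)[1].lower()
    # 1. Random hex/numeric names created directly under C:\ProgramData
    if parent == r"c:\programdata" and _RANDOM_NAME.fullmatch(name):
        out.append("random-looking name directly under C:\\ProgramData")
    # 2. Extension-less files in the root of the roaming profile
    if not e.is_dir and parent.endswith(r"\appdata\roaming") and not ext:
        out.append("extension-less file in AppData\\Roaming root")
    # 3. Executable content with no version info in a user-writable location
    if (not e.is_dir and ext in _EXEC_EXT and not e.company
            and ("\\appdata\\" in parent or parent.startswith(r"c:\programdata"))):
        out.append("executable without version info in a user-writable path")
    return out


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; clean entries are left out."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_log(text):
        why = reasons(e)
        if why:
            flagged[e.path] = why
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    " + "; ".join(why))
```

Run against the sample, the three heuristics single out the two hex/numeric ProgramData folders, QTGHKH and VPSI, and the constructed siinst.exe line, while NewSaver, NVIDIA, the Flash binary and the RIM log file pass. Names like NewSaver or ReguluarDeeaels show the limit of a pure pattern check: they look like adware from context, not from their spelling, which is why the output is a list of things to look at, not a verdict.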

Rudy
Site Admin
Posts: 119678
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: VIRTOOL:WIN32/obfuscator.xz

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-1601116588-1914785365-4272034699-1000\...\MountPoints2: {681f940d-a146-11e4-b096-00235435603b} - J:\SISetup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\ProgramData\e4c649400004eb3
C:\ProgramData\11606907315732743215
C:\ProgramData\a11404b52722042f
C:\Users\preshing\AppData\Roaming\QTGHKH
C:\Users\preshing\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail above.

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#7 Post by Šnajdr »

It exceeds the window limit, and the txt format is not supported as an attachment??

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#8 Post by Šnajdr »

fixlog
Attachments
Fixlog.zip
(8.16 KiB) Downloaded 109 times

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#9 Post by Šnajdr »

Could someone please take a look at the log I sent? Thank you

Rudy
Site Admin
Posts: 119678
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: VIRTOOL:WIN32/obfuscator.xz

#10 Post by Rudy »

Of course I'll take a look, I haven't forgotten you; I can only attend to the forum outside my working hours. Everything was deleted. Has anything changed?

If not, use AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#11 Post by Šnajdr »

Thank you for the reply. Sorry, I had no idea you were personally in charge of my case. Unfortunately there is no improvement... Microsoft Security still reports the threat and the computer is slow. It won't even stay in sleep mode.. it shuts down, and at startup it shows me a selection menu with safe mode. I'll look at what you're sending... Thank you

Rudy
Site Admin
Posts: 119678
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: VIRTOOL:WIN32/obfuscator.xz

#12 Post by Rudy »

Then get back to me. :)

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#13 Post by Šnajdr »

I wanted to send the log from AVPTool but I can't get it here; when I copy it and then try to paste it here and submit... the text disappears and the window is empty. And when I tried to send it as an attachment, I got a message that a file may be at most 2 MB, but the zipped log is 4.5 MB. So how should I send it to you? Thank you

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: VIRTOOL:WIN32/obfuscator.xz

#14 Post by motji »

Send it via www.leteckaposta.cz, for example.
How is the computer?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

[image]

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Šnajdr
Visitor
Posts: 29
Registered: 27 Jan 2015 20:46

Re: VIRTOOL:WIN32/obfuscator.xz

#15 Post by Šnajdr »

Thanks for the info... the log is here: http://leteckaposta.cz/940278345
I've just turned the computer on, and the first impression.. it's doing much better... the web loaded fine.. even without Firefox crashing. I'll keep testing...

Locked