Prosím o preventivku

[rarach]

Zdravím,
Zonealarm mi vyhodil nějakou hlášku, prosím o preventivku.

Děkuji

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Rarach (administrator) on RARACH-PC on 01-04-2015 17:20:50
Running from C:\Users\Rarach\Desktop
Loaded Profiles: Rarach (Available profiles: Rarach)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(TODO: <Company name>) D:\DisWhql64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Rarach\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKU\S-1-5-21-665565659-1009398663-1675433860-1000\...\MountPoints2: {01ef824a-3b0e-11e4-ba9b-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-665565659-1009398663-1675433860-1000\...\MountPoints2: {1232710a-30cf-11e4-9e45-e75f19c3dafa} - G:\AutoRun.exe
HKU\S-1-5-21-665565659-1009398663-1675433860-1000\...\MountPoints2: {2f286a08-2f45-11e4-b93a-f0b4fbbd3c75} - G:\AutoRun.exe
HKU\S-1-5-21-665565659-1009398663-1675433860-1000\...\MountPoints2: {2f286a1b-2f45-11e4-b93a-f0b4fbbd3c75} - H:\AutoRun.exe
HKU\S-1-5-21-665565659-1009398663-1675433860-1000\...\MountPoints2: {5661a04e-2f90-11e4-b8e4-c41ce9b0057d} - I:\Autorun.exe
HKU\S-1-5-21-665565659-1009398663-1675433860-1000\...\MountPoints2: {ba8fb61d-2f43-11e4-9974-806e6f6e6963} - D:\Run.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-665565659-1009398663-1675433860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\bh\zonealarm.dll [2013-11-20] (Check Point Software Technologies LTD)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-10-30] ()
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmTlbr.dll [2013-11-20] (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30] ()
Toolbar: HKU\S-1-5-21-665565659-1009398663-1675433860-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-10-30] ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-09-05] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-09-05] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-05]

Chrome:
=======
CHR Profile: C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-31]
CHR Extension: (Google Docs) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Google Sheets) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-31]
CHR Extension: (RealDownloader) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Gmail) - C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-02] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-10-09] (Kaspersky Lab ZAO)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-08-29] () [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
U3 amqhy08k; C:\Windows\System32\Drivers\amqhy08k.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
R3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 17:20 - 2015-04-01 17:20 - 00011619 _____ () C:\Users\Rarach\Desktop\FRST.txt
2015-04-01 17:20 - 2015-04-01 17:20 - 00000000 ____D () C:\FRST
2015-04-01 17:19 - 2015-04-01 17:19 - 02095616 _____ (Farbar) C:\Users\Rarach\Desktop\FRST64.exe
2015-04-01 17:18 - 2015-04-01 17:19 - 00000180 _____ () C:\csb.log
2015-04-01 17:18 - 2015-04-01 17:18 - 00112640 _____ (forum.viry.cz) C:\Users\Rarach\Desktop\FRSTLauncher.exe
2015-04-01 17:18 - 2015-04-01 17:18 - 00000000 ____D () C:\Windows\LastGood
2015-04-01 17:18 - 2015-04-01 17:18 - 00000000 ____D () C:\Program Files\GIGABYTE
2015-04-01 17:18 - 2015-04-01 17:18 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2015-04-01 17:18 - 2015-04-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Etron Technology
2015-04-01 17:18 - 2012-10-25 09:01 - 00022680 _____ () C:\Windows\system32\Drivers\AppleCharger.sys
2015-04-01 17:18 - 2012-08-07 09:09 - 00088832 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2015-04-01 17:18 - 2012-08-07 09:09 - 00065152 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2015-04-01 17:18 - 2010-04-06 16:30 - 00031272 _____ () C:\Windows\system32\AppleChargerSrv.exe
2015-04-01 17:16 - 2015-04-01 17:16 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2015-04-01 17:16 - 2015-04-01 17:16 - 00001162 _____ () C:\Users\Public\Desktop\HD VDeck.lnk
2015-04-01 17:16 - 2015-04-01 17:16 - 00000000 ____D () C:\Program Files (x86)\VIA
2015-04-01 17:16 - 2012-08-03 07:28 - 00070800 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 02993296 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 02206352 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-04-01 17:16 - 2012-08-03 07:27 - 01161360 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 01119376 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 00681104 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 00248976 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 00123536 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 00095376 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 00092304 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2015-04-01 17:16 - 2012-08-03 07:27 - 00027792 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2015-04-01 17:16 - 2012-06-28 10:54 - 00086016 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2015-04-01 17:16 - 2011-06-08 12:19 - 00083968 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2015-04-01 17:16 - 2007-04-11 09:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2015-03-06 20:27 - 2015-03-06 20:27 - 00000336 _____ () C:\Windows\PFRO.log
2015-03-06 14:19 - 2015-03-27 11:05 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-03-04 11:25 - 2015-03-04 11:25 - 00000986 _____ () C:\Users\Public\Desktop\CBR Reader.lnk
2015-03-04 11:25 - 2015-03-04 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CBR Reader
2015-03-04 11:25 - 2015-03-04 11:25 - 00000000 ____D () C:\Program Files (x86)\CBR Reader
2015-03-04 08:27 - 2015-03-04 08:27 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2015-03-02 11:48 - 2015-03-30 19:30 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-02 11:48 - 2015-03-30 19:30 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-02 11:48 - 2015-03-18 20:34 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-02 11:48 - 2015-03-02 12:01 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-02 11:48 - 2015-03-02 11:48 - 00000000 ____D () C:\Users\Rarach\AppData\Local\PunkBuster
2015-03-02 10:29 - 2015-03-02 10:29 - 00000000 ____D () C:\Users\Rarach\AppData\Local\Blue_entertainment
2015-03-02 10:28 - 2015-03-02 10:28 - 00001109 _____ () C:\Users\Public\Desktop\Battlelog.co Launcher.lnk
2015-03-02 10:28 - 2015-03-02 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlelog.co Launcher

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 17:18 - 2014-09-08 19:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-01 17:17 - 2014-08-31 07:54 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 17:17 - 2014-08-31 07:54 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 17:16 - 2015-02-10 19:22 - 00005694 _____ () C:\Windows\setupact.log
2015-04-01 17:14 - 2014-09-08 19:26 - 00000010 _____ () C:\Windows\GSetup.ini
2015-04-01 17:10 - 2015-01-01 16:27 - 00000000 ____D () C:\Torrent
2015-04-01 17:10 - 2014-12-21 10:29 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 14:16 - 2014-12-23 09:16 - 00000000 ____D () C:\Users\Rarach\AppData\Roaming\vlc
2015-04-01 07:27 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 07:27 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 07:24 - 2011-04-12 10:34 - 00665706 _____ () C:\Windows\system32\perfh005.dat
2015-04-01 07:24 - 2011-04-12 10:34 - 00139402 _____ () C:\Windows\system32\perfc005.dat
2015-04-01 07:24 - 2009-07-14 07:13 - 01575230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 07:23 - 2014-08-29 08:19 - 01057595 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 07:20 - 2014-09-05 10:39 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-665565659-1009398663-1675433860-1000
2015-04-01 07:20 - 2014-09-05 10:39 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-665565659-1009398663-1675433860-1000
2015-04-01 07:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 16:13 - 2015-01-08 20:56 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2015-03-30 20:11 - 2015-01-01 12:52 - 00000931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-30 20:11 - 2015-01-01 12:52 - 00000919 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-30 20:11 - 2015-01-01 12:52 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-21 12:37 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 13:26 - 2015-02-19 20:56 - 00000000 ____D () C:\Users\Rarach\Documents\Battlefield 2
2015-03-13 22:22 - 2014-12-05 10:45 - 00000000 ____D () C:\Users\Rarach\AppData\Roaming\streamWriter
2015-03-06 14:24 - 2015-02-19 20:57 - 00025587 _____ () C:\Windows\DirectX.log
2015-03-05 08:24 - 2014-08-29 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-04 08:27 - 2014-08-29 17:20 - 00000000 ____D () C:\Users\Rarach\AppData\Roaming\DAEMON Tools Lite
2015-03-02 10:42 - 2014-12-20 17:51 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-02 10:13 - 2014-12-05 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\streamWriter
2015-03-02 10:13 - 2014-12-05 10:44 - 00000000 ____D () C:\Program Files (x86)\streamWriter

==================== Files in the root of some directories =======

2014-09-29 18:08 - 2014-09-29 18:08 - 0000000 _____ () C:\Users\Rarach\AppData\Local\{70DF937A-665E-44A1-8D3A-5D8AE26AD4D8}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Rarach\Desktop" je 2 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Márty84]

Zdravim

Co hlasil?

Visi tam drivery Kasperskeho. Pouzivate neco od Kaspersky?

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[rarach]

Hola,
Hlášku jsem si nestihl přečíst, jinak bych napsal, co to bylo

Kaspersky - nejsem si ničeho vědom

# AdwCleaner v4.200 - Log vytvooen 02/04/2015 v 19:18:28
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Rarach - RARACH-PC
# Spuštino z : C:\Users\Rarach\Desktop\adwcleaner_4.200.exe
# Nastavení : Eištiní

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Program Files (x86)\DAEMON Tools Toolbar
Složka Smazáno : C:\Program Files (x86)\Check Point Software Technologies LTD
Složka Smazáno : C:\Users\Rarach\AppData\LocalLow\Check Point Software Technologies LTD
Soubor Smazáno : C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Rarach\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Smazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Smazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Smazáno : HKLM\SOFTWARE\Classes\S
Klíe Smazáno : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Klíe Smazáno : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Hodnota Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Klíe Smazáno : HKCU\Software\dt soft\daemon tools toolbar
Klíe Smazáno : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

***** [ Prohlížeee ] *****

-\\ Internet Explorer v8.0.7601.17514

Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [6820 bytu] - [02/04/2015 19:13:05]
AdwCleaner[S0].txt - [6464 bytu] - [02/04/2015 19:18:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6522 bytu] ##########

[Márty84]

Kasperskeho tedy pak odpalim skriptrem, muze to delat problemy.


Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[rarach]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 8.4.2015
Čas skenování: 12:12:46
Protokol: scan.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.08.02
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Rarach

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 488903
Uplynulý čas: 46 min, 14 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Sken hloubkových rootkitů: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

[Márty84]

Dejte novy log z FRST http://forum.viry.cz/viewtopic.php?f=30&t=133101



1.5. pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975