Winnet32

Zpráva

Maikelele1991 · #1 Příspěvek od **Maikelele1991** » 19 lis 2015 14:55

Zdravím,

zjistil jsem, že mám na notebooku proces, který ho zatěžuje na 90 až 100 %, mohli byste mi prosím pomoci? Jedná se o Winnet32, mělo by jít o nějaký miner, díky moc.

#2 Příspěvek od **altrok** » 19 lis 2015 16:15

Zdravim,

sice jsem vesteckou kouli dostal do opatrovnictvi, ale na takove urovni s ni zachazet jeste neumim (navic ji nesmim pretezovat). Poprosim Vas tedy o log z FRST, at se na problem muzeme podivat konkretneji http://forum.viry.cz/viewtopic.php?f=13&t=133100

Maikelele1991 · #3 Příspěvek od **Maikelele1991** » 19 lis 2015 16:25

Pardon, čekal jsem na další instrukce. Tady je log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Gabriel (administrator) on LENOVO (19-11-2015 16:19:59)
Running from C:\Users\Gabriel\Downloads
Loaded Profiles: Gabriel & UpdatusUser (Available Profiles: Gabriel & UpdatusUser)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe
() C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Gabriel\AppData\Roaming\Microsoft\Networking\inet32upd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Gabriel\AppData\Roaming\Microsoft\Networking\winnet32b.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-04-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-04-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\MountPoints2: {69932d29-f2f8-11e4-825e-d07e353c9b3b} - "F:\Autorun.exe"
Startup: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe [2015-05-18] ()
Startup: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost64.exe [2015-05-18] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 147.251.4.33 147.251.6.10
Tcpip\..\Interfaces\{BA0A4E2B-C14F-4D4D-AF98-918FE004E2EB}: [DhcpNameServer] 147.251.4.33 147.251.6.10

Internet Explorer:
==================
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
URLSearchHook: [S-1-5-21-1021880928-3963076237-4100701708-1002] ATTENTION => Default URLSearchHook is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-05-14] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-19]
CHR Extension: (Google Docs) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]
CHR Extension: (Google Drive) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]
CHR Extension: (Gmail) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419576 2013-12-10] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-18] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [163536 2014-03-06] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 16:19 - 2015-11-19 16:20 - 00017035 _____ C:\Users\Gabriel\Downloads\FRST.txt
2015-11-19 16:19 - 2015-11-19 16:19 - 02008576 _____ (Farbar) C:\Users\Gabriel\Downloads\FRST64.exe
2015-11-19 16:19 - 2015-11-19 16:19 - 00000000 ____D C:\FRST
2015-11-19 16:15 - 2015-11-19 16:15 - 00001203 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2015-11-19 16:15 - 2015-11-19 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2015-11-19 16:15 - 2015-11-19 16:15 - 00000000 ____D C:\ProgramData\IObit
2015-11-19 16:15 - 2015-11-19 16:15 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-19 16:14 - 2015-11-19 16:14 - 01520152 _____ (IObit ) C:\Users\Gabriel\Downloads\iobit-unlocker-setup-beta.exe
2015-11-19 15:25 - 2015-11-19 15:25 - 01222144 _____ C:\Users\Gabriel\Downloads\RSITx64.exe
2015-11-19 15:25 - 2015-11-19 15:25 - 00000000 ____D C:\rsit
2015-11-19 15:25 - 2015-11-19 15:25 - 00000000 ____D C:\Program Files\trend micro
2015-11-19 12:33 - 2015-11-19 12:33 - 00029349 _____ C:\Users\Gabriel\Desktop\Stanislaw Baranczak.pptx
2015-11-11 13:17 - 2015-11-11 13:17 - 00765537 _____ C:\Users\Gabriel\Downloads\Versologie_a_basnicka_pojmenovani.pptx
2015-11-07 14:54 - 2015-11-07 14:54 - 00000000 ____D C:\Users\Gabriel\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 16:21 - 2015-04-29 19:02 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1021880928-3963076237-4100701708-1001
2015-11-19 16:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-19 15:53 - 2015-05-04 10:49 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-19 15:53 - 2015-04-30 20:36 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Skype
2015-11-19 15:52 - 2015-04-30 22:29 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 15:26 - 2015-04-29 21:28 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\ClassicShell
2015-11-19 15:26 - 2015-04-29 19:27 - 00971614 _____ C:\Users\Public\CAFADEBUG.log
2015-11-19 14:46 - 2015-04-30 22:29 - 00000974 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 11:21 - 2015-05-01 14:28 - 01560962 _____ C:\Windows\WindowsUpdate.log
2015-11-19 11:00 - 2015-04-30 21:18 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Adobe
2015-11-12 15:24 - 2015-10-01 13:44 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Battle.net
2015-11-12 15:01 - 2015-10-01 13:45 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-12 14:57 - 2015-10-01 13:43 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-12 11:02 - 2015-04-29 21:27 - 00000000 ____D C:\ProgramData\KMSAutoS
2015-11-11 16:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-05 14:47 - 2015-04-30 21:29 - 00000000 ____D C:\Users\Gabriel\Documents\TrackMania
2015-10-31 19:57 - 2015-05-05 08:29 - 00002948 _____ C:\Windows\AutoKMS.log
2015-10-31 19:57 - 2015-04-30 19:14 - 00078848 _____ C:\Windows\KMSEmulator.exe
2015-10-31 19:57 - 2015-04-30 19:12 - 00002742 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-10-31 19:57 - 2015-04-30 19:12 - 00000224 _____ C:\Windows\Tasks\AutoKMSDaily.job
2015-10-31 18:06 - 2015-10-08 13:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 18:04 - 2015-04-30 21:19 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-04-30 19:40 - 2015-04-30 19:40 - 0049738 _____ () C:\Users\Gabriel\AppData\Roaming\SLOVA.WAV
2015-04-30 19:40 - 2015-04-30 19:40 - 0049338 _____ () C:\Users\Gabriel\AppData\Roaming\TMP.WAV
2015-04-29 19:27 - 2015-04-29 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Gabriel\AppData\Local\Temp\drm_dyndata_7380014.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-31 18:30

==================== End of FRST.txt ============================

#4 Příspěvek od **altrok** » 19 lis 2015 16:28

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Cleaning
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Maikelele1991 · #5 Příspěvek od **Maikelele1991** » 19 lis 2015 16:43

Mockrát díky za pomoc!

# AdwCleaner v5.021 - Logfile created 19/11/2015 at 16:38:56
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Gabriel - LENOVO
# Running from : C:\Users\Gabriel\Downloads\adwcleaner_5.021.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Gabriel\AppData\Roaming\RHEng

***** [ Files ] *****

[-] File Deleted : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage
[-] File Deleted : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Uniblue

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1454 bytes] ##########

#6 Příspěvek od **altrok** » 19 lis 2015 16:49

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\MountPoints2: {69932d29-f2f8-11e4-825e-d07e353c9b3b} - "F:\Autorun.exe"
Startup: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe [2015-05-18] ()
Startup: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost64.exe [2015-05-18] ()
C:\Users\Gabriel\AppData\Roaming\Microsoft\Networking
URLSearchHook: [S-1-5-21-1021880928-3963076237-4100701708-1002] ATTENTION => Default URLSearchHook is missing
2015-11-19 16:19 - 2015-11-19 16:20 - 00017035 _____ C:\Users\Gabriel\Downloads\FRST.txt
2015-11-19 15:25 - 2015-11-19 15:25 - 01222144 _____ C:\Users\Gabriel\Downloads\RSITx64.exe
2015-11-19 15:25 - 2015-11-19 15:25 - 00000000 ____D C:\rsit
2015-11-19 15:25 - 2015-11-19 15:25 - 00000000 ____D C:\Program Files\trend micro
2015-10-31 19:57 - 2015-04-30 19:14 - 00078848 _____ C:\Windows\KMSEmulator.exe
2015-10-31 19:57 - 2015-04-30 19:12 - 00002742 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-10-31 19:57 - 2015-04-30 19:12 - 00000224 _____ C:\Windows\Tasks\AutoKMSDaily.job
Hosts:
EmptyTemp:
End

Maikelele1991 · #7 Příspěvek od **Maikelele1991** » 19 lis 2015 17:01

Fix result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by Gabriel (2015-11-19 16:56:50) Run:1
Running from C:\Users\Gabriel\Desktop
Loaded Profiles: Gabriel & UpdatusUser (Available Profiles: Gabriel & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\...\MountPoints2: {69932d29-f2f8-11e4-825e-d07e353c9b3b} - "F:\Autorun.exe"
Startup: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe [2015-05-18] ()
Startup: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost64.exe [2015-05-18] ()
C:\Users\Gabriel\AppData\Roaming\Microsoft\Networking
URLSearchHook: [S-1-5-21-1021880928-3963076237-4100701708-1002] ATTENTION => Default URLSearchHook is missing
2015-11-19 16:19 - 2015-11-19 16:20 - 00017035 _____ C:\Users\Gabriel\Downloads\FRST.txt
2015-11-19 15:25 - 2015-11-19 15:25 - 01222144 _____ C:\Users\Gabriel\Downloads\RSITx64.exe
2015-11-19 15:25 - 2015-11-19 15:25 - 00000000 ____D C:\rsit
2015-11-19 15:25 - 2015-11-19 15:25 - 00000000 ____D C:\Program Files\trend micro
2015-10-31 19:57 - 2015-04-30 19:14 - 00078848 _____ C:\Windows\KMSEmulator.exe
2015-10-31 19:57 - 2015-04-30 19:12 - 00002742 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-10-31 19:57 - 2015-04-30 19:12 - 00000224 _____ C:\Windows\Tasks\AutoKMSDaily.job
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-1021880928-3963076237-4100701708-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69932d29-f2f8-11e4-825e-d07e353c9b3b}" => key removed successfully
HKCR\CLSID\{69932d29-f2f8-11e4-825e-d07e353c9b3b} => key not found.
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe => moved successfully
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost64.exe => moved successfully
C:\Users\Gabriel\AppData\Roaming\Microsoft\Networking => moved successfully
Could not restore Default URLSearchHook.
C:\Users\Gabriel\Downloads\FRST.txt => moved successfully
C:\Users\Gabriel\Downloads\RSITx64.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Windows\KMSEmulator.exe => moved successfully
C:\Windows\System32\Tasks\AutoKMSDaily => moved successfully
C:\Windows\Tasks\AutoKMSDaily.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2.9 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:58:27 ====

#8 Příspěvek od **altrok** » 19 lis 2015 17:07

Takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

Maikelele1991 · #9 Příspěvek od **Maikelele1991** » 19 lis 2015 17:11

Super, pomohlo to. Ještě jednou mockrát díky, mějte se.

#10 Příspěvek od **altrok** » 19 lis 2015 17:17

Nemate zac, rad jsem pomohl

Mejte se krasne a treba zase nekdy

VIRY.CZ

Winnet32

Winnet32

Re: Winnet32

Re: Winnet32

Re: Winnet32

Re: Winnet32

Re: Winnet32

Re: Winnet32

Re: Winnet32

Re: Winnet32

Re: Winnet32