
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Slow PC - possible infection
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use our remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Re: Slow PC - possible infection
I am attaching the Addition log:
==================== Accounts: =============================
Administrator (S-1-5-21-2308158395-3062214226-4177495910-500 - Administrator - Disabled)
David (S-1-5-21-2308158395-3062214226-4177495910-1002 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-2308158395-3062214226-4177495910-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2308158395-3062214226-4177495910-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-2308158395-3062214226-4177495910-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus a Antispyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus a Antispyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Armored Warfare MyCom Beta (HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\...\Armored Warfare MyCom Beta) (Version: 1.54 - My.com B.V.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.36 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.203 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\...\MyComGames) (Version: 3.154 - My.com B.V.)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NHL® 08 (HKLM-x32\...\{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}) (Version: 2.0.1.0 - Electronic Arts)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.21 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
15-11-2015 14:39:33 Windows Update
19-11-2015 00:04:08 Windows Update
22-11-2015 18:34:20 Removed Skype Click to Call
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15FA0B18-81D7-4349-B0AE-39802382FF45} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {23C2D753-A059-4E4A-9BBE-5AF42C748964} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {2794CC38-C244-4EDC-A00A-6884E1D96A30} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {28BD419E-FC6B-4ECE-B45C-49B756C42226} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {333D738C-7B65-4F59-90D6-BCE506434411} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {387043D1-C813-48DC-B23F-99F83DA36A21} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-20] (Microsoft Corporation)
Task: {585EC883-F50D-4365-8BB2-421EA561C8F9} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {626437B9-686C-49DF-A121-6670B80C28FF} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {67224988-D9C8-445C-89B5-5448F54CBCD3} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {6E196D33-ABB4-45B0-9351-444AA85F05A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19] (Google Inc.)
Task: {80FBE89A-35C5-42B1-956E-03B0BF52F96C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {9975D1BB-0049-42DE-BE3B-0A06A5F3DA7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19] (Google Inc.)
Task: {F4818CB3-62B6-4C8F-ABCC-0AB15CB9CC92} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 01:36 - 2013-09-05 01:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-11-22 12:21 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2015-10-27 14:09 - 2015-10-27 14:09 - 00144896 _____ () C:\Users\David\AppData\Local\MyComGames\zlib1.dll
2015-10-27 14:09 - 2015-10-27 14:09 - 00062464 _____ () C:\Users\David\AppData\Local\MyComGames\pxd.dll
2015-10-27 14:09 - 2015-10-27 14:09 - 00179144 _____ () C:\Users\David\AppData\Local\MyComGames\LightUpdate.dll
2015-10-27 14:09 - 2015-11-06 13:07 - 02340296 _____ () C:\Users\David\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 10:18 - 2015-08-26 10:18 - 50425344 _____ () C:\Users\David\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2015-11-01 12:09 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-01 12:08 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-01 12:09 - 2015-11-10 03:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-01 12:08 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-01 12:08 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-01 12:08 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-01 12:08 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-01 12:08 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-01 12:08 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-01 12:08 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-01 12:08 - 2015-11-10 03:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-11-01 12:08 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-11-01 12:08 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-11-11 19:39 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 19:39 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2013-01-20 13:49 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-11-11 19:39 - 2015-11-07 05:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2308158395-3062214226-4177495910-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
DNS Servers: 62.240.178.250 - 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{45BF8016-78FA-4762-8EE2-BF324C74A251}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{F276465B-8EDC-4F72-851F-FAC81C8D9E7D}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{F26E8EF1-1A13-4095-A41A-90E035B23FB8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F76DF6AD-F513-4E82-A0BD-24BD8650106A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8DBBF2F8-BF3F-4B9A-8F82-16720C504963}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DD459E41-DCE6-4B77-8E4A-7663C384FD83}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{C590C406-263E-48A7-B8DF-FF4EDDAB36E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{A7EC08EA-9926-4D74-8D61-C772358486C3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{064F6EA6-1BB0-4A7A-8C53-A24F3E0D1395}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{ABC67254-AFF4-4B5F-AF3E-FA70857FE281}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{56BCD0E2-D406-41FF-BCCF-C6F9A0822B80}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{AB07F876-6A5A-4740-B223-824944DA58A9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{B70D1773-D03B-4884-B009-3F38787CCABA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{C01EBBC4-9765-4BA8-90ED-F8665922A362}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{A0E9FC8C-AB09-47F0-80E6-7FD7823B5F97}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{88888270-90FA-4125-9B60-7ADB28B41416}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{A324304B-E05C-4982-A98B-041038EAF917}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{701FF26B-7B08-4CD5-B427-9AFDB6FC1DD6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{B7503FE5-0C25-46DB-83C2-2FB7AFDF859A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BCDBF335-51EB-48FB-A9B7-EF097E1C9442}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DDC7E40F-1333-444F-B1B6-E83D9E46BDD7}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{0765CE9F-2F1D-46EF-BA2D-8035F6F32525}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{787E5484-3AEB-4774-A241-823C0F3D7FC3}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{C38FAC8B-06D0-429C-A354-2029F24E57DC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{66BA7DAD-66FC-4AE0-A28D-09CE6F744884}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C1CB2DCE-1376-4777-8617-787EB184761D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F7A346F4-81D3-427C-871F-F34E64AD16F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E021D02C-DFA7-49C2-94A1-D349F9930B6E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{77BB02E1-DDD4-42F7-A5BF-7E76BDB57F80}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1D23DF08-7751-494F-A093-612845E79B17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{C2F2560B-E886-4569-9AF2-10C52B425B27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{433F04CC-FC9D-4021-B391-A7AC6FD6C06F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/22/2015 02:04:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20911 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 10d8
Čas spuštění: 01d12525a22aa09c
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
ID hlášení: 95a56612-9119-11e5-be86-208984535803
Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/22/2015 01:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20911 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: eb8
Čas spuštění: 01d1252214c6d323
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
ID hlášení: 092eb82e-9116-11e5-be86-208984535803
Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/22/2015 11:41:25 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (11/21/2015 08:39:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (11/19/2015 03:07:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (11/18/2015 03:03:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (11/17/2015 02:22:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (11/16/2015 08:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: nhl2008.exe, verze: 0.0.0.0, časové razítko: 0x46c62099
Název chybujícího modulu: nhl2008.exe, verze: 0.0.0.0, časové razítko: 0x46c62099
Kód výjimky: 0xc0000005
Posun chyby: 0x003c69a0
ID chybujícího procesu: 0x15fc
Čas spuštění chybující aplikace: 0xnhl2008.exe0
Cesta k chybující aplikaci: nhl2008.exe1
Cesta k chybujícímu modulu: nhl2008.exe2
ID zprávy: nhl2008.exe3
Úplný název chybujícího balíčku: nhl2008.exe4
ID aplikace související s chybujícím balíčkem: nhl2008.exe5
Error: (11/16/2015 08:12:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program nhl2008.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1294
Čas spuštění: 01d120a07da52f2b
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files (x86)\EA Sports\NHL08\nhl2008.exe
ID hlášení: 038153dc-8c96-11e5-be85-208984535803
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (11/15/2015 06:34:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.3.9600.17667, časové razítko: 0x54c6f7c2
Název chybujícího modulu: AltTab.dll, verze: 6.3.9600.17415, časové razítko: 0x54503a70
Kód výjimky: 0xc0000094
Posun chyby: 0x000000000000aa74
ID chybujícího procesu: 0x19fc
Čas spuštění chybující aplikace: 0xExplorer.EXE0
Cesta k chybující aplikaci: Explorer.EXE1
Cesta k chybujícímu modulu: Explorer.EXE2
ID zprávy: Explorer.EXE3
Úplný název chybujícího balíčku: Explorer.EXE4
ID aplikace související s chybujícím balíčkem: Explorer.EXE5
System errors:
=============
Error: (11/22/2015 06:43:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Superfetch byla ukončena s následující chybou:
%%1062
Error: (11/22/2015 06:43:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (11/22/2015 06:43:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ePower Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (11/22/2015 06:43:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management and Security Application User Notification Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (11/22/2015 06:43:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (11/22/2015 06:43:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (11/22/2015 06:42:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Dritek RF Button Command Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 3000 milisekund: Restartovat službu.
Error: (11/22/2015 06:42:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NTI IScheduleSvc byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (11/22/2015 06:42:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba McAfee SiteAdvisor Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (11/22/2015 06:42:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 3909.28 MB
Available physical RAM: 1682.8 MB
Total Virtual: 6725.28 MB
Available Virtual: 4409.43 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:445.75 GB) (Free:232.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1EE7B2B9)
Partition: GPT.
==================== End of Addition.txt ============================
Re: Slow PC - possible infection
* Addendum to the Addition log; I accidentally did not copy it:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by David (2015-11-22 19:33:58)
Running from C:\Users\David\Downloads
Windows 8.1 (X64) (2015-10-23 21:51:47)
Boot Mode: Normal
==========================================================
Re: Slow PC - possible infection
- Note: this scan takes from 30 minutes up to several hours
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Slow PC - possible infection
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 23. 11. 2015
Čas skenování: 14:53
Protokol: test mbam home.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2015.11.23.03
Databáze rootkitů: v2015.11.22.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: David
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 555429
Uplynulý čas: 4 hod, 3 min, 46 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: Slow PC - possible infection
- Copy the content of the white box into Notepad (Start -> Run -> notepad)
- save it to C:\Users\David\Downloads as fixlist (file type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved in C:\Users\David\Downloads; paste its content into your next reply
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\David\Downloads\dpz10yfq.exe
HKLM-x32\...\Run: [LManager] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\S-1-5-21-2308158395-3062214226-4177495910-1002 -> DefaultScope {B58E1245-90CB-4CA7-9FB4-B8862A9545B3} URL =
SearchScopes: HKU\S-1-5-21-2308158395-3062214226-4177495910-1002 -> {B58E1245-90CB-4CA7-9FB4-B8862A9545B3} URL =
S3 MFE_RR; \??\C:\Users\David\AppData\Local\Temp\mfe_rr.sys [X]
2015-11-22 18:56 - 2015-11-22 19:09 - 00000307 _____ C:\Users\David\Desktop\DiskInfo.ini
2015-11-22 18:56 - 2015-11-22 18:56 - 00000000 ____D C:\Users\David\Desktop\Smart
2015-11-22 18:56 - 2014-12-05 22:41 - 02385016 _____ (Crystal Dew World) C:\Users\David\Desktop\DiskInfo.exe
2015-11-22 18:56 - 2014-12-05 10:23 - 00000000 ____D C:\Users\David\Desktop\CdiResource
2015-11-22 18:56 - 2014-01-27 21:18 - 00000000 ____D C:\Users\David\Desktop\License
2015-11-22 18:55 - 2015-11-22 19:00 - 02822204 _____ C:\Users\David\Downloads\CrystalDiskInfo6_2_2.zip
2015-11-22 18:41 - 2015-11-22 18:43 - 00000000 ____D C:\AdwCleaner
2015-11-22 18:38 - 2015-11-22 18:38 - 01732096 _____ C:\Users\David\Desktop\adwcleaner_5.021.exe
2015-11-22 14:22 - 2015-11-22 14:22 - 00000000 ____D C:\Users\David\Downloads\FRST-OlderVersion
2015-11-22 12:08 - 2015-11-22 12:09 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe
2015-11-22 12:01 - 2015-11-22 12:01 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\David\Downloads\SpyHunter-Installer.exe
2015-10-24 14:43 - 2015-10-24 14:43 - 01187896 _____ (Piriform Ltd) C:\Users\David\Downloads\ccleaner.exe
2015-10-24 14:41 - 2015-10-24 14:41 - 01945832 _____ C:\Users\David\Downloads\wrar521cz (1).exe
2015-10-23 16:48 - 2015-10-23 16:48 - 12961620 _____ C:\Users\David\Downloads\mbar-1.01.0.1009 (1).zip
2015-10-23 16:47 - 2015-10-23 16:47 - 01945832 _____ C:\Users\David\Downloads\wrar521cz.exe
2015-10-23 16:45 - 2015-10-23 16:46 - 12961620 _____ C:\Users\David\Downloads\mbar-1.01.0.1009.zip
2015-10-23 16:54 - 2015-10-23 16:54 - 00783640 _____ (McAfee, Inc.) C:\Users\David\Downloads\rootkitremover (1).exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Slow PC - possible infection
Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by David (2015-11-24 13:27:32) Run:1
Running from C:\Users\David\Downloads
Loaded Profiles: UpdatusUser & David (Available Profiles: UpdatusUser & David)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\David\Downloads\dpz10yfq.exe
HKLM-x32\...\Run: [LManager] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\S-1-5-21-2308158395-3062214226-4177495910-1002 -> DefaultScope {B58E1245-90CB-4CA7-9FB4-B8862A9545B3} URL =
SearchScopes: HKU\S-1-5-21-2308158395-3062214226-4177495910-1002 -> {B58E1245-90CB-4CA7-9FB4-B8862A9545B3} URL =
S3 MFE_RR; \??\C:\Users\David\AppData\Local\Temp\mfe_rr.sys [X]
2015-11-22 18:56 - 2015-11-22 19:09 - 00000307 _____ C:\Users\David\Desktop\DiskInfo.ini
2015-11-22 18:56 - 2015-11-22 18:56 - 00000000 ____D C:\Users\David\Desktop\Smart
2015-11-22 18:56 - 2014-12-05 22:41 - 02385016 _____ (Crystal Dew World) C:\Users\David\Desktop\DiskInfo.exe
2015-11-22 18:56 - 2014-12-05 10:23 - 00000000 ____D C:\Users\David\Desktop\CdiResource
2015-11-22 18:56 - 2014-01-27 21:18 - 00000000 ____D C:\Users\David\Desktop\License
2015-11-22 18:55 - 2015-11-22 19:00 - 02822204 _____ C:\Users\David\Downloads\CrystalDiskInfo6_2_2.zip
2015-11-22 18:41 - 2015-11-22 18:43 - 00000000 ____D C:\AdwCleaner
2015-11-22 18:38 - 2015-11-22 18:38 - 01732096 _____ C:\Users\David\Desktop\adwcleaner_5.021.exe
2015-11-22 14:22 - 2015-11-22 14:22 - 00000000 ____D C:\Users\David\Downloads\FRST-OlderVersion
2015-11-22 12:08 - 2015-11-22 12:09 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe
2015-11-22 12:01 - 2015-11-22 12:01 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\David\Downloads\SpyHunter-Installer.exe
2015-10-24 14:43 - 2015-10-24 14:43 - 01187896 _____ (Piriform Ltd) C:\Users\David\Downloads\ccleaner.exe
2015-10-24 14:41 - 2015-10-24 14:41 - 01945832 _____ C:\Users\David\Downloads\wrar521cz (1).exe
2015-10-23 16:48 - 2015-10-23 16:48 - 12961620 _____ C:\Users\David\Downloads\mbar-1.01.0.1009 (1).zip
2015-10-23 16:47 - 2015-10-23 16:47 - 01945832 _____ C:\Users\David\Downloads\wrar521cz.exe
2015-10-23 16:45 - 2015-10-23 16:46 - 12961620 _____ C:\Users\David\Downloads\mbar-1.01.0.1009.zip
2015-10-23 16:54 - 2015-10-23 16:54 - 00783640 _____ (McAfee, Inc.) C:\Users\David\Downloads\rootkitremover (1).exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
========================= File: C:\Users\David\Downloads\dpz10yfq.exe ========================
File not signed
MD5: 9A8336796A7C71E9F33DE848B8320ED3
Creation and modification date: 2015-10-24 14:51 - 2015-10-24 14:51
Size: 0380416
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 2, 1, 19357
Product Version:
Copyright:
====== End of File: ======
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2308158395-3062214226-4177495910-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B58E1245-90CB-4CA7-9FB4-B8862A9545B3}" => key removed successfully
HKCR\CLSID\{B58E1245-90CB-4CA7-9FB4-B8862A9545B3} => key not found.
MFE_RR => service removed successfully
"C:\Users\David\Desktop\DiskInfo.ini" => moved successfully
"C:\Users\David\Desktop\Smart" => moved successfully
"C:\Users\David\Desktop\DiskInfo.exe" => moved successfully
"C:\Users\David\Desktop\CdiResource" => moved successfully
"C:\Users\David\Desktop\License" => moved succesfully
C:\Users\David\Downloads\CrystalDiskInfo6_2_2.zip => moved successfully
C:\AdwCleaner => moved successfully
"C:\Users\David\Desktop\adwcleaner_5.021.exe" => moved successfully
C:\Users\David\Downloads\FRST-OlderVersion => moved successfully
C:\Users\David\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe => moved successfully
C:\Users\David\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Users\David\Downloads\ccleaner.exe => moved successfully
C:\Users\David\Downloads\wrar521cz (1).exe => moved successfully
C:\Users\David\Downloads\mbar-1.01.0.1009 (1).zip => moved successfully
C:\Users\David\Downloads\wrar521cz.exe => moved successfully
C:\Users\David\Downloads\mbar-1.01.0.1009.zip => moved successfully
C:\Users\David\Downloads\rootkitremover (1).exe => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 817.9 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 13:28:40 ====
Re: Slow PC - possible infection
I don't see any malware in the logs, so let's just clean up.
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Check only the "Remove disinfection tools" option
- click Run
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Slow PC - possible infection
Thank you very much for the help. I wish you a nice rest of the day and good luck.
Re: Slow PC - possible infection
I will need luck with the course credits coming up, thank you. A nice rest of the day to you too.
Take care, and maybe see you again sometime.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

