
Spontaneous installation of programs - viruses

kubavodkarek
Visitor
Posts: 1
Registered: 29 Dec 2015 15:13

Spontaneous installation of programs - viruses

#1 Post by kubavodkarek »

I'm attaching the logs; not even a reinstall of WIN helped... You are my only salvation! :)))

Thanks


-edit
better to include it as text too

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-12-2015
Ran by matysek (administrator) on MATYSEK-PC (29-12-2015 15:15:36)
Running from C:\Users\matysek\Desktop
Loaded Profiles: matysek (Available Profiles: matysek)
Platform: Microsoft Windows 7 Ultimate (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(forum.viry.cz) C:\Users\matysek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2331427836-2417478860-479278199-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.101.1 10.10.10.10
Tcpip\..\Interfaces\{63AE2B93-B8B1-4FA1-8C26-4EB8EC553A7E}: [DhcpNameServer] 192.168.101.1 10.10.10.10

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2015-12-29] (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-12-29] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2015-12-29] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2015-12-29] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-29]
CHR Extension: (Dokumenty Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-29]
CHR Extension: (Disk Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (Poper Blocker) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-12-29]
CHR Extension: (YouTube) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-29]
CHR Extension: (Vyhledávání Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-29]
CHR Extension: (Tabulky Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-29]
CHR Extension: (AdBlock) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-29]
CHR Extension: (Gmail) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-29]
CHR Profile: C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentace Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-29]
CHR Extension: (Dokumenty Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-29]
CHR Extension: (Disk Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (YouTube) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-29]
CHR Extension: (Vyhledávání Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-29]
CHR Extension: (Tabulky Google) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-29]
CHR Extension: (Gmail) - C:\Users\matysek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 15:15 - 2015-12-29 15:15 - 00009910 _____ C:\Users\matysek\Desktop\FRST.txt
2015-12-29 15:07 - 2015-12-29 15:07 - 01721856 _____ (Farbar) C:\Users\matysek\Downloads\FRST (1).exe
2015-12-29 15:06 - 2015-12-29 15:06 - 00028588 _____ C:\Users\matysek\Downloads\FRST.txt
2015-12-29 15:06 - 2015-12-29 15:06 - 00012082 _____ C:\Users\matysek\Downloads\Addition.txt
2015-12-29 15:05 - 2015-12-29 15:15 - 00000000 ____D C:\FRST
2015-12-29 15:04 - 2015-12-29 15:04 - 00112640 _____ (forum.viry.cz) C:\Users\matysek\Desktop\FRSTLauncher.exe
2015-12-29 15:03 - 2015-12-29 15:03 - 01721856 _____ (Farbar) C:\Users\matysek\Desktop\FRST.exe
2015-12-29 14:56 - 2015-12-29 15:11 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-29 14:55 - 2015-12-29 14:55 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-29 14:55 - 2015-12-29 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-29 14:55 - 2015-12-29 14:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-29 14:55 - 2015-12-29 14:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-29 14:55 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-29 14:55 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-29 14:55 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-29 14:54 - 2015-12-29 14:55 - 22908888 _____ (Malwarebytes ) C:\Users\matysek\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-29 14:54 - 2015-12-02 13:25 - 00247976 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-29 14:51 - 2015-12-29 14:45 - 00002213 _____ C:\Users\matysek\Desktop\Osoba 1 - Chrome.lnk
2015-12-29 14:49 - 2015-12-29 14:49 - 00000000 ____D C:\Users\matysek\AppData\Roaming\dlg
2015-12-29 14:47 - 2015-12-29 14:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-29 14:47 - 2015-12-29 14:48 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-12-29 14:47 - 2015-12-29 14:47 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-12-29 14:47 - 2015-12-29 14:47 - 00002119 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-12-29 14:47 - 2015-12-29 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-12-29 14:47 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-12-29 14:46 - 2015-12-29 14:46 - 00000000 ____D C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-12-29 14:45 - 2015-12-29 14:45 - 00000000 ____D C:\Users\matysek\AppData\Roaming\Mozilla
2015-12-29 14:45 - 2015-12-29 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-29 14:45 - 2015-12-29 14:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-29 14:44 - 2015-12-29 14:45 - 00000000 ____D C:\Program Files\Opera
2015-12-29 14:44 - 2015-12-29 14:44 - 00000000 ____D C:\Users\matysek\AppData\Roaming\Opera Software
2015-12-29 14:44 - 2015-12-29 14:44 - 00000000 ____D C:\Users\matysek\AppData\Local\Opera Software
2015-12-29 14:42 - 2015-12-29 14:42 - 00000000 ____D C:\Users\matysek\AppData\Roaming\vlc
2015-12-29 14:41 - 2015-12-29 14:41 - 00001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-12-29 14:41 - 2015-12-29 14:41 - 00000000 ____D C:\Users\matysek\AppData\Local\Steam
2015-12-29 14:41 - 2015-12-29 14:41 - 00000000 ____D C:\Users\matysek\AppData\Local\CEF
2015-12-29 14:41 - 2015-12-29 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-29 14:41 - 2015-12-29 14:41 - 00000000 ____D C:\Program Files\VideoLAN
2015-12-29 14:39 - 2015-12-29 15:12 - 00000000 ____D C:\Program Files\Steam
2015-12-29 14:39 - 2015-12-29 15:11 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-12-29 14:39 - 2015-12-29 14:42 - 01445734 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-29 14:39 - 2015-12-29 14:40 - 28849904 _____ C:\Users\matysek\Downloads\vlc-2.2.1-win32.exe
2015-12-29 14:39 - 2015-12-29 14:39 - 01380712 _____ C:\Users\matysek\Downloads\SteamSetup.exe
2015-12-29 14:39 - 2015-12-29 14:39 - 00000921 _____ C:\Users\Public\Desktop\Steam.lnk
2015-12-29 14:39 - 2015-12-29 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-29 14:38 - 2015-12-29 14:45 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-29 14:38 - 2015-12-29 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-29 14:37 - 2015-12-29 15:11 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-29 14:37 - 2015-12-29 14:42 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 14:37 - 2015-12-29 14:38 - 00000000 ____D C:\Users\matysek\AppData\Local\Google
2015-12-29 14:37 - 2015-12-29 14:38 - 00000000 ____D C:\Program Files\Google
2015-12-29 14:37 - 2015-12-29 14:37 - 00000000 ____D C:\Users\matysek\AppData\Local\Deployment
2015-12-29 14:37 - 2015-12-29 14:37 - 00000000 ____D C:\Users\matysek\AppData\Local\Apps\2.0
2015-12-29 14:37 - 2015-12-29 14:37 - 00000000 ____D C:\ProgramData\Sun
2015-12-29 14:37 - 2015-12-29 14:37 - 00000000 ____D C:\Program Files\Common Files\Java
2015-12-29 14:36 - 2015-12-29 14:36 - 00477616 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll
2015-12-29 14:36 - 2015-12-29 14:36 - 00473520 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2015-12-29 14:36 - 2015-12-29 14:36 - 00162224 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2015-12-29 14:36 - 2015-12-29 14:36 - 00149936 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2015-12-29 14:36 - 2015-12-29 14:36 - 00149936 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2015-12-29 14:36 - 2015-12-29 14:36 - 00057560 _____ C:\Users\matysek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-29 14:36 - 2015-12-29 14:36 - 00000000 ____D C:\Users\matysek\AppData\Roaming\ATI
2015-12-29 14:36 - 2015-12-29 14:36 - 00000000 ____D C:\Users\matysek\AppData\LocalLow\Sun
2015-12-29 14:36 - 2015-12-29 14:36 - 00000000 ____D C:\Users\matysek\AppData\Local\ATI
2015-12-29 14:36 - 2015-12-29 14:36 - 00000000 ____D C:\ProgramData\ATI
2015-12-29 14:36 - 2015-12-29 14:36 - 00000000 ____D C:\Program Files\Java
2015-12-29 14:35 - 2015-12-29 14:35 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-12-29 14:34 - 2015-12-29 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-12-29 14:34 - 2015-12-29 14:34 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-12-29 14:34 - 2015-12-29 14:34 - 00000000 ____D C:\Program Files\AMD APP
2015-12-29 14:33 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-29 14:33 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-29 14:33 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-29 14:33 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-29 14:33 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-29 14:33 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-29 14:33 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-29 14:32 - 2015-12-29 14:34 - 00000000 ____D C:\Program Files\ATI Technologies
2015-12-29 14:32 - 2015-12-29 14:32 - 00000000 ____D C:\Program Files\ATI
2015-12-29 14:31 - 2015-12-29 14:31 - 00000000 ____D C:\AMD
2015-12-29 14:30 - 2015-12-29 14:45 - 00001425 _____ C:\Users\matysek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-29 14:29 - 2015-12-29 14:29 - 00000000 ____D C:\Users\matysek\AppData\Local\VirtualStore
2015-12-29 14:28 - 2015-12-29 14:30 - 00000000 ____D C:\Users\matysek
2015-12-29 14:28 - 2015-12-29 14:28 - 00000020 ___SH C:\Users\matysek\ntuser.ini
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Šablony
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Soubory cookie
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Poslední
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Okolní tiskárny
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Okolní síť
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Nabídka Start
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Dokumenty
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Documents\Obrázky
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Documents\Hudba
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Documents\Filmy
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\Data aplikací
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 _SHDL C:\Users\matysek\AppData\Local\Data aplikací
2015-12-29 14:28 - 2015-12-29 14:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-12-29 14:28 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-29 14:28 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-29 14:28 - 2009-07-14 10:20 - 00000000 ____D C:\Users\matysek\AppData\Roaming\Media Center Programs
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Public\Documents\Obrázky
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Public\Documents\Hudba
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Public\Documents\Filmy
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Šablony
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Soubory cookie
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Poslední
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Okolní tiskárny
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Okolní síť
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Nabídka Start
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Dokumenty
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Documents\Obrázky
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Documents\Hudba
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Documents\Filmy
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\Data aplikací
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default User\Documents\Obrázky
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default User\Documents\Hudba
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default User\Documents\Filmy
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\ProgramData\Šablony
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\ProgramData\Plocha
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\ProgramData\Oblíbené položky
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\ProgramData\Nabídka Start
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\ProgramData\Dokumenty
2015-12-29 14:27 - 2015-12-29 14:27 - 00000000 _SHDL C:\ProgramData\Data aplikací
2015-12-29 14:24 - 2015-12-29 14:24 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-12-29 14:24 - 2015-12-29 14:24 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-29 14:20 - 2015-12-29 14:28 - 00000000 ____D C:\Windows\Panther

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 15:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-29 15:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2015-12-29 15:09 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-29 15:09 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-29 14:42 - 2009-07-14 09:44 - 00622422 _____ C:\Windows\system32\perfh005.dat
2015-12-29 14:42 - 2009-07-14 09:44 - 00118604 _____ C:\Windows\system32\perfc005.dat
2015-12-29 14:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-29 14:32 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-29 14:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-12-29 14:27 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Windows NT
2015-12-29 14:24 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-29 14:24 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\sysprep
2015-12-29 14:22 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\CSC
2015-12-29 14:21 - 2009-07-14 05:33 - 00265880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-29 14:20 - 2009-07-14 05:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-12-29 14:20 - 2009-07-14 05:34 - 00000000 ____D C:\Windows\Setup

==================== Files in the root of some directories =======


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-29 14:21

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:453.91 GB) NTFS

Available physical RAM: 1070.32 MB
Total physical RAM: 2046.49 MB
Percentage of memory in use: 47%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 13E613E5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\matysek\Desktop" je 1 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Spontaneous installation of programs - viruses

#2 Post by Rudy »

Hello!
How does your operating system stand in terms of legality?