
Preventive check

Posted: 06 Dec 2014 03:04
by mrr.killer
Hi, I would like to ask for a log check, thanks..


Logfile of random's system information tool 1.10 (written by random/random)
Run by user at 2014-12-06 02:54:37
Microsoft Windows 8
System drive C: has 44 GB (44%) free of 102 GB
Total RAM: 3527 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:54:39, on 6.12.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: WSIEChrome - (no CLSID) - (no file)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: Settings Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 7546 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
"dwm.exe"
atieclxx
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
dashost.exe {d3ee0992-616b-4e8a-8061f9ebe84fe84a}
"C:\Program Files\Elantech\ETDService.exe"
"C:\Program Files\Samsung\Samsung Link\Samsung Link.exe"
"C:\Program Files\Samsung\Samsung Link\Samsung Link.exe" "Samsung Link Service" __i4j_restart
"C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\system32\wbem\wmiprvse.exe
taskhostex.exe
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe"
"C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe -Embedding

C:\windows\System32\ThumbnailExtractionHost.exe -Embedding
"C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
"C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\user\Desktop\Cleaning stuff\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s8ukjtpku9hj.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\samsung.com/SamsungLinkPCPlugin]
"Description"=
"Path"=C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-10-14 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-04-24 66688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-10-14 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-10-14 1729752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BtPreLoad"=C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [2013-04-24 64128]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-03-25 2889072]
"Bitcasa"=C:\Program Files\Bitcasa\BitcasaBoot.exe [2013-06-06 284112]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16 499608]
"Samsung Link"=C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [2013-07-05 597576]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2014-10-01 5595336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-05-22 642816]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11 958576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2013-02-11 190312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2013-02-11 190312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-06 02:23:54 ----D---- C:\Users\user\AppData\Roaming\Mozilla
2014-12-06 02:23:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-06 00:57:44 ----D---- C:\Program Files\CCleaner
2014-12-06 00:51:28 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-06 00:51:08 ----D---- C:\ProgramData\Malwarebytes
2014-12-06 00:51:08 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-06 00:51:08 ----A---- C:\windows\system32\drivers\mwac.sys
2014-12-06 00:51:08 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2014-12-06 00:51:08 ----A---- C:\windows\system32\drivers\mbam.sys
2014-12-05 23:05:29 ----D---- C:\Program Files\trend micro
2014-12-05 23:05:27 ----D---- C:\rsit
2014-12-05 22:59:57 ----D---- C:\ProgramData\ESET
2014-12-05 22:59:57 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 month======

2014-12-06 02:54:19 ----D---- C:\windows\Temp
2014-12-06 02:53:57 ----D---- C:\Windows
2014-12-06 02:53:21 ----RD---- C:\Program Files (x86)
2014-12-06 02:53:01 ----D---- C:\Program Files\Common Files
2014-12-06 02:52:47 ----RD---- C:\Program Files
2014-12-06 02:47:07 ----D---- C:\windows\Prefetch
2014-12-06 02:19:17 ----HD---- C:\ProgramData
2014-12-06 02:14:19 ----D---- C:\Users\user\AppData\Roaming\vlc
2014-12-06 02:02:54 ----D---- C:\windows\SoftwareDistribution
2014-12-06 02:00:00 ----D---- C:\windows\system32\sru
2014-12-06 01:35:00 ----D---- C:\Program Files (x86)\Common Files
2014-12-06 01:30:52 ----D---- C:\windows\System32
2014-12-06 01:30:52 ----D---- C:\windows\Inf
2014-12-06 01:30:52 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-12-06 01:29:51 ----D---- C:\ProgramData\WinClon
2014-12-06 01:26:24 ----D---- C:\windows\system32\Drivers
2014-12-06 01:26:24 ----D---- C:\windows\Microsoft.NET
2014-12-06 01:25:26 ----D---- C:\windows\Tasks
2014-12-06 01:25:26 ----D---- C:\windows\system32\Tasks
2014-12-06 01:05:33 ----D---- C:\windows\Panther
2014-12-06 01:05:32 ----D---- C:\windows\debug
2014-12-05 23:29:26 ----D---- C:\windows\system32\config
2014-12-05 23:28:46 ----D---- C:\windows\WinSxS
2014-12-05 23:01:24 ----SHD---- C:\windows\Installer
2014-12-05 23:01:05 ----D---- C:\windows\system32\DriverStore
2014-12-05 22:58:18 ----D---- C:\windows\system32\catroot2
2014-12-05 22:53:14 ----SHD---- C:\System Volume Information
2014-12-05 22:42:02 ----HD---- C:\Program Files\WindowsApps
2014-12-05 22:42:02 ----D---- C:\windows\AUInstallAgent
2014-11-30 20:31:35 ----RD---- C:\Users
2014-11-30 20:15:02 ----D---- C:\windows\rescache
2014-11-30 20:10:40 ----D---- C:\windows\SysWOW64
2014-11-22 15:53:33 ----D---- C:\Program Files\Windows Photo Viewer
2014-11-22 15:53:33 ----D---- C:\Program Files\Windows Media Player
2014-11-22 15:53:33 ----D---- C:\Program Files\Windows Mail
2014-11-22 15:53:33 ----D---- C:\Program Files\Windows Journal
2014-11-22 15:53:33 ----D---- C:\Program Files\Internet Explorer
2014-11-22 15:53:33 ----D---- C:\Program Files\Common Files\System
2014-11-22 15:53:32 ----D---- C:\windows\WinStore
2014-11-22 15:53:32 ----D---- C:\windows\SYSWOW64\oobe
2014-11-22 15:53:32 ----D---- C:\windows\SYSWOW64\migwiz
2014-11-22 15:53:32 ----D---- C:\windows\SYSWOW64\hr-HR
2014-11-22 15:53:32 ----D---- C:\windows\SYSWOW64\en-US
2014-11-22 15:53:32 ----D---- C:\windows\SYSWOW64\drivers
2014-11-22 15:53:32 ----D---- C:\windows\servicing
2014-11-22 15:53:32 ----D---- C:\Program Files\Windows Defender
2014-11-22 15:53:32 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2014-11-22 15:53:32 ----D---- C:\Program Files (x86)\Windows Media Player
2014-11-22 15:53:32 ----D---- C:\Program Files (x86)\Windows Mail
2014-11-22 15:53:32 ----D---- C:\Program Files (x86)\Windows Defender
2014-11-22 15:53:32 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-22 15:53:29 ----D---- C:\windows\SYSWOW64\WCN
2014-11-22 15:53:29 ----D---- C:\windows\SYSWOW64\wbem
2014-11-22 15:53:28 ----RD---- C:\windows\ImmersiveControlPanel
2014-11-22 15:53:28 ----D---- C:\windows\system32\Sysprep
2014-11-22 15:53:28 ----D---- C:\windows\system32\slmgr
2014-11-22 15:53:28 ----D---- C:\windows\system32\oobe
2014-11-22 15:53:28 ----D---- C:\windows\system32\migwiz
2014-11-22 15:53:28 ----D---- C:\windows\system32\en-US
2014-11-22 15:53:28 ----D---- C:\windows\PolicyDefinitions
2014-11-22 15:53:27 ----D---- C:\windows\system32\hr-HR
2014-11-22 15:53:21 ----D---- C:\windows\system32\WCN
2014-11-22 15:53:21 ----D---- C:\windows\system32\wbem
2014-11-22 15:53:19 ----D---- C:\windows\system32\SystemResetPlatform
2014-11-22 15:53:04 ----D---- C:\windows\SYSWOW64\migration
2014-11-22 15:53:04 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-11-22 15:53:02 ----D---- C:\windows\SYSWOW64\MUI
2014-11-22 15:53:02 ----D---- C:\windows\SYSWOW64\Dism
2014-11-22 15:53:02 ----D---- C:\windows\SYSWOW64\Com
2014-11-22 15:53:01 ----D---- C:\windows\system32\winrm
2014-11-22 15:53:01 ----D---- C:\windows\system32\migration
2014-11-22 15:53:01 ----D---- C:\windows\system32\cs-CZ
2014-11-22 15:53:01 ----D---- C:\windows\system32\Boot
2014-11-22 15:52:44 ----D---- C:\windows\system32\MUI
2014-11-22 15:52:44 ----D---- C:\windows\system32\drivers\UMDF
2014-11-22 15:52:44 ----D---- C:\windows\system32\Dism
2014-11-22 15:52:39 ----D---- C:\windows\system32\Printing_Admin_Scripts
2014-11-22 15:52:37 ----D---- C:\windows\system32\Com
2014-11-22 15:52:37 ----D---- C:\windows\apppatch
2014-11-22 11:48:33 ----RD---- C:\windows\assembly
2014-11-21 18:07:27 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-11-21 18:06:09 ----D---- C:\Program Files\Microsoft Office 15

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\windows\System32\drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata; C:\windows\System32\drivers\amd_xata.sys [2012-11-30 26280]
R0 edevmon;edevmon; C:\windows\system32\DRIVERS\edevmon.sys [2014-10-10 241368]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2012-08-09 56336]
R1 cbfs3;cbfs3; \??\C:\windows\system32\drivers\cbfs3.sys [2013-02-11 352448]
R1 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2014-10-10 243440]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2014-10-10 169280]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 APXACC;@oem6.inf,%APPEX_ACC_SERVICE_NAME%;AppEx Networks Accelerator LWF; C:\windows\system32\DRIVERS\appexDrv.sys [2013-04-17 219360]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2014-10-10 158968]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2013-05-22 11686400]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2013-05-22 581632]
R3 AthBTPort;@oem12.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2013-04-24 89800]
R3 athr;@oem3.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athw8x.sys [2013-04-15 3786752]
R3 AtiHDAudioService;@oem7.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\windows\system32\drivers\AtihdW86.sys [2013-02-13 94208]
R3 BTATH_A2DP;@oem11.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2013-04-24 347336]
R3 btath_avdt;@oem11.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2013-04-24 115912]
R3 BTATH_BUS;@oem8.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\windows\System32\drivers\btath_bus.sys [2013-04-24 34384]
R3 BTATH_HCRP;@oem14.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\windows\System32\drivers\btath_hcrp.sys [2013-04-24 179432]
R3 BTATH_HID;@oem15.inf,%BTATH_HID%;Bluetooth HID Device; C:\windows\system32\DRIVERS\btath_hid.sys [2013-04-24 223432]
R3 BTATH_LWFLT;@oem16.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2013-04-24 77464]
R3 BTATH_RCP;@oem18.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\windows\System32\drivers\btath_rcp.sys [2013-04-24 136784]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2013-04-24 586440]
R3 BthEnum;@tdibth.inf,%BthEnum.DisplayName%;Bluetooth Enumerator Service; C:\windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
R3 ETD;@oem13.inf,%SamsungDeviceDesc%;Samsung PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2013-03-25 358768]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2013-06-04 3441992]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 RadioHIDMini;@oem23.inf,%RadioHIDMini%;Radio HID Mini-driver; C:\windows\System32\drivers\RadioHIDMini.sys [2012-07-27 23408]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2012-07-26 156672]
R3 RSUSBVSTOR;@oem22.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2012-11-23 317584]
R3 RTL8168;@oem2.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2012-12-12 756960]
R3 usbfilter;AMD USB Filter Driver; C:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2012-09-20 210304]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2013-01-09 1175040]
S3 ETDSMBus;ETDSMBus; C:\windows\system32\DRIVERS\ETDSMBus.sys [2013-03-25 21840]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2014-11-21 64216]
S3 nvlddmkm;nvlddmkm; C:\windows\system32\DRIVERS\nvlddmkm.sys [2012-06-28 13546344]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2012-07-26 57344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2013-05-22 241152]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-04-24 310400]
R2 ClickToRunSvc;Služba Klikni a spusti balíka Microsoft Office; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-10-30 2443960]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-10-01 1349576]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2013-03-25 99184]
R2 Samsung Link Service;Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-07-05 605768]
R2 Settings Launcher;Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [2013-06-14 1594928]
R2 SWUpdateService;SW Update Service; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2013-06-18 3014704]
S2 AllShare Framework DMS;AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe [2013-06-18 404360]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-01 150600]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [2013-06-23 22016]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [2013-06-23 10923520]
S4 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2013-01-26 172104]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

-----------------EOF-----------------

Re: Preventive check

Posted: 06 Dec 2014 09:43
by Márty84
Hello :)

Is there any problem with the PC, or is this purely preventive?

Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait for the check to finish.
Then click Clean.
The program will start working (the PC may restart) and spit out a log (otherwise it will be at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

I see MBAM there. Did it find anything? If you haven't done so, set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Don't delete anything beforehand, it sometimes has false positives.

Re: Preventive check

Posted: 06 Dec 2014 14:00
by mrr.killer
The PC had almost no protection and was swamped with malware.. I cleaned the PC and installed the necessary protection; I didn't find any serious threats, it was basically just adware.. I asked for the log check to make sure the PC is really clean now, or rather to remove whatever I missed.

AdwCleaner log:

# AdwCleaner v4.104 - Report created 06/12/2014 at 11:50:48
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8 (64 bits)
# Username : user - USER-SAMS
# Running from : C:\Users\user\Desktop\adwcleaner_4.104.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GlobalUpdate

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v32.0.3 (x86 sk)


*************************

AdwCleaner[R0].txt - [5597 octets] - [06/12/2014 11:45:11]
AdwCleaner[S0].txt - [5467 octets] - [06/12/2014 11:50:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5527 octets] ##########


MBAM log:

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 6.12.2014
Čas skenování: 11:57:01
Protokol: mbam_log.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2014.12.06.05
Databáze rootkitů: v2014.12.03.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto

OS: Windows 8
CPU: x64
Souborový systém: NTFS
Uživatel: user

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 500418
Uplynulý čas: 1 hod, 35 min, 51 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 0
(Žádné zákerné zjištěny položek)

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 0
(Žádné zákerné zjištěny položek)

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

Re: preventivka

Posted: 06 Dec 2014 14:34
by Márty84
:arrow: Uninstall MBAM so it doesn't fight with ESET (which I hope is a legal copy).

:arrow: Post a log following this guide http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: preventivka

Posted: 06 Dec 2014 17:49
by mrr.killer
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
Ran by user (administrator) on USER-SAMS on 06-12-2014 17:28:42
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Platform: Windows 8 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkDMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64128 2013-04-24] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-06] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-05] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-2986935235-185983532-1441993291-1001\...\MountPoints2: {dc8d334b-a82b-11e3-be77-1449e0258852} - "D:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2986935235-185983532-1441993291-1001\...\MountPoints2: {f2ac5ef6-f9db-11e3-be78-1867b0b5523b} - "D:\HTC_Sync_Manager_PC.exe"
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {2C852B47-318D-4B70-9850-D90C87EB172F} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {2C852B47-318D-4B70-9850-D90C87EB172F} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2986935235-185983532-1441993291-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2986935235-185983532-1441993291-1001 -> DefaultScope {040EB30D-180E-4DDF-BE0A-0E3BF34BE1DE} URL =
SearchScopes: HKU\S-1-5-21-2986935235-185983532-1441993291-1001 -> {040EB30D-180E-4DDF-BE0A-0E3BF34BE1DE} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSIEChrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s8ukjtpj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s8ukjtpj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-06]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe [404360 2013-06-18] (Samsung) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99184 2013-03-25] (ELAN Microelectronics Corp.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-05] (Copyright 2013 SAMSUNG)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1594928 2013-06-14] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3014704 2013-06-18] (Samsung Electronics CO., LTD.)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [22016 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [10923520 2013-06-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-17] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-13] (Advanced Micro Devices)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-04-24] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [21840 2013-03-25] (ELAN Microelectronic Corp.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 17:28 - 2014-12-06 17:29 - 00013811 _____ () C:\Users\user\Desktop\FRST.txt
2014-12-06 17:28 - 2014-12-06 17:28 - 00000000 ____D () C:\FRST
2014-12-06 17:26 - 2014-12-06 17:26 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2014-12-06 17:19 - 2014-12-06 17:19 - 02119168 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-12-06 17:18 - 2014-12-06 17:18 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-06 11:44 - 2014-12-06 11:50 - 00000000 ____D () C:\AdwCleaner
2014-12-06 11:44 - 2014-12-06 11:45 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:53 - 2014-12-06 11:51 - 00000894 _____ () C:\windows\PFRO.log
2014-12-06 02:23 - 2014-12-06 02:29 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-06 02:23 - 2014-12-06 02:29 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-06 02:23 - 2014-12-06 02:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 02:23 - 2014-12-06 02:24 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-12-06 02:23 - 2014-12-06 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2014-12-06 02:02 - 2014-12-06 12:54 - 00139075 _____ () C:\windows\WindowsUpdate.log
2014-12-06 01:27 - 2014-12-06 17:17 - 00000000 ____D () C:\Users\user\Desktop\Cleaning stuff
2014-12-06 01:06 - 2014-12-06 01:06 - 00081420 _____ () C:\Users\user\Documents\cc_20141206_010614.reg
2014-12-06 00:57 - 2014-12-06 01:10 - 00002782 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-12-06 00:57 - 2014-12-06 00:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-06 00:51 - 2014-12-06 00:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 23:05 - 2014-12-06 02:54 - 00000000 ____D () C:\Program Files\trend micro
2014-12-05 23:05 - 2014-12-05 23:05 - 00000000 ____D () C:\rsit
2014-12-05 22:59 - 2014-12-05 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-12-05 22:59 - 2014-12-05 22:59 - 00000000 ____D () C:\ProgramData\ESET
2014-12-05 22:59 - 2014-12-05 22:59 - 00000000 ____D () C:\Program Files\ESET
2014-11-22 15:46 - 2014-11-22 15:46 - 00003222 _____ () C:\windows\System32\Tasks\{8E5213A6-B34F-4D34-B216-B881B65D07B2}
2014-11-22 15:18 - 2014-11-30 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-11-22 15:16 - 2014-11-22 15:18 - 00000000 ____D () C:\Users\Public\Documents\Wondershare

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 17:18 - 2013-07-10 20:51 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-06 14:04 - 2013-07-10 20:36 - 00065536 _____ () C:\windows\system32\spu_storage.bin
2014-12-06 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-06 13:32 - 2014-02-12 03:28 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2986935235-185983532-1441993291-1001
2014-12-06 11:55 - 2012-07-26 08:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-06 11:51 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-06 02:14 - 2014-02-12 03:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-12-06 01:36 - 2014-02-04 11:41 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-12-06 01:05 - 2014-02-04 11:44 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-12-06 01:05 - 2012-08-05 23:07 - 00000000 ____D () C:\windows\Panther
2014-12-05 22:42 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-04 21:30 - 2014-05-01 17:14 - 00000000 ____D () C:\Users\user\Desktop\Triednické veci
2014-12-04 21:29 - 2014-02-04 11:41 - 00000000 ____D () C:\Users\user\AppData\Local\Packages
2014-11-30 20:33 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-11-30 20:15 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-11-30 20:09 - 2014-02-04 11:41 - 00001430 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-30 16:53 - 2014-05-01 17:13 - 00000000 ____D () C:\Users\user\Desktop\II.atestácia
2014-11-22 16:05 - 2014-02-12 03:45 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\WinStore
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\SysWOW64\hr-HR
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\SysWOW64\Com
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\SystemResetPlatform
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\hr-HR
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-22 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-22 15:53 - 2012-07-26 08:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-22 15:53 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-11-22 15:53 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-11-22 15:53 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-11-22 15:53 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-11-22 15:53 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\system32\winrm
2014-11-22 15:53 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\system32\WCN
2014-11-22 15:53 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\system32\slmgr
2014-11-22 15:53 - 2012-07-26 06:38 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-11-22 15:53 - 2012-07-26 06:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-11-22 15:53 - 2012-07-26 06:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-11-22 15:53 - 2012-07-26 06:38 - 00000000 ____D () C:\windows\system32\oobe
2014-11-22 15:53 - 2012-07-26 06:37 - 00000000 ____D () C:\windows\servicing
2014-11-22 15:52 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\MUI
2014-11-22 15:52 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\Com
2014-11-22 15:52 - 2012-07-26 08:51 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-11-22 15:52 - 2012-07-26 06:38 - 00000000 ____D () C:\windows\system32\Dism
2014-11-22 12:35 - 2014-08-19 18:16 - 00000000 ____D () C:\Users\user\Desktop\deny-atestacka
2014-11-21 18:06 - 2014-02-12 03:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\InstHelper.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\user\Desktop" je 20959 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: preventivka

Posted: 06 Dec 2014 19:28
by Márty84
mrr.killer wrote:***** Velikost "Plochy" *****

Velikost slozky "C:\Users\user\Desktop" je 20959 MB.
:arrow: The Desktop should not exceed 200 - 300 MB! It slows the PC down. So tidy it up a bit and put only shortcuts on the Desktop. Just watch out for a common mistake: users have a folder on the Desktop, another one inside it, another inside that, and they hide everything in there. That's nice, but it doesn't make the Desktop any smaller, it's just in a different drawer :D

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

C:\ProgramData\Malwarebytes

Hosts:
EmptyTemp:
Reboot:
End
At the top left, click File
Click Save as...
Type that red name, fixlist, correctly and save it to the Desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix and the program will carry out the commands.
After the PC restarts a new log should appear, named fixlog; copy that one here for me again.

Re: preventivka

Posted: 07 Dec 2014 01:29
by mrr.killer
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by user at 2014-12-07 01:23:36 Run:1
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

C:\ProgramData\Malwarebytes

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 69.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
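A check that every directive in a fixlist has a matching success line in the Fixlog, as an added Python example that is not part of this thread or of FRST. The directive-to-message mapping is taken from the Fixlog posted above and is assumed to hold only for those directive kinds; both sample texts are constructed, with one extra path entry left out of the Fixlog to show how an unconfirmed item is reported.

```python
import re

# Constructed sample fixlist in the FRST fixlist format used in this thread.
# The MakeMarkerFile.exe entry is deliberately absent from the Fixlog below.
SAMPLE_FIXLIST = r"""Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

C:\ProgramData\Malwarebytes
C:\ProgramData\MakeMarkerFile.exe

Hosts:
EmptyTemp:
Reboot:
End
"""

# Constructed sample Fixlog, modeled on the one posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by user at 2014-12-07 01:23:36 Run:1

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 69.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
"""

# "HKLM\...\Run: [Name] => path" and "HKLM-x32\...\Run: [Name] => path"
RUN_RE = re.compile(r'^HKLM(-x32)?\\\.\.\.\\Run: \[([^\]]+)\] => ')
# A bare file or folder path directive, e.g. "C:\ProgramData\Malwarebytes"
PATH_RE = re.compile(r'^[A-Za-z]:\\')

# Registry key FRST names in the Fixlog for each hive variant (assumed from
# the Fixlog above; the x32 variant maps to the WOW6432Node key).
RUN_KEYS = {
    "": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "-x32": r"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
}
# Fixlog wording for the bare directives seen in this thread's Fixlog.
SIMPLE_EVIDENCE = {
    "CloseProcesses:": "Processes closed successfully.",
    "Hosts:": "Hosts was reset successfully.",
    "EmptyTemp:": "EmptyTemp: => Removed",
    "Reboot:": "The system needed a reboot.",
}


def parse_fixlist(text):
    """Yield (directive_line, expected_fixlog_prefix) for each directive between Start and End."""
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start":
            inside = True
            continue
        if line == "End":
            break
        if not inside or not line:
            continue
        m = RUN_RE.match(line)
        if m:
            key = RUN_KEYS[m.group(1) or ""]
            # The Fixlog writes two backslashes between the key and the value name.
            yield line, key + "\\\\" + m.group(2) + " => value deleted successfully."
        elif PATH_RE.match(line):
            yield line, line + " => Moved successfully."
        elif line in SIMPLE_EVIDENCE:
            yield line, SIMPLE_EVIDENCE[line]
        else:
            yield line, None  # a directive this checker does not know how to confirm


def reconcile(fixlist_text, fixlog_text):
    """Return [(directive, status)] with status 'confirmed', 'missing' or 'unrecognised'."""
    log_lines = [l.strip() for l in fixlog_text.splitlines()]
    report = []
    for directive, evidence in parse_fixlist(fixlist_text):
        if evidence is None:
            status = "unrecognised"
        elif any(l.startswith(evidence) for l in log_lines):
            status = "confirmed"
        else:
            status = "missing"
        report.append((directive, status))
    return report


def unconfirmed(fixlist_text, fixlog_text):
    """Directives with no matching success line in the Fixlog; these need a second look."""
    return [d for d, s in reconcile(fixlist_text, fixlog_text) if s != "confirmed"]


if __name__ == "__main__":
    for directive, status in reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG):
        print(f"{status:12} {directive[:70]}")
```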

Re: preventivka

Posted: 07 Dec 2014 08:51
by Márty84
:!: Run all of these programs - including any installation - as administrator (right-click them and choose - Run as administrator)

:arrow:
vyosek writes: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download it and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false positive - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install it, uncheck the box.
After launching you will be in the Cleaner function. On the left there are lots of checkboxes. Pay particular attention to the Recycle Bin; if you leave it checked, it will always empty it.
Also, depending on how it is set up, it deletes all passwords saved for the web!!! So if you have the computer set to remember passwords (which is not good for security), you will have to type them in again by hand afterwards (e.g. mail, Facebook, various forums, etc.)
Click Analyze and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left
Click Scan for Issues; when it finds some, click Fix Issues. It will offer you a backup; make it and save it where you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!
(If there are several user accounts on the PC, use the program in those too)

:arrow: Defragment the disk(s) (not SSD disks!)
Download the Defraggler program http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defragment and the little program will do its job.

:arrow: Then write back on how the PC is doing.

Re: preventivka

Posted: 07 Dec 2014 11:29
by mrr.killer
I let T-Cleaner run

CCleaner no longer found anything to delete or fix (I had already used it before we started communicating)

the PC only has an SSD disk

as for the state of the PC.. I don't see anything bothersome, the speed is fine

Re: preventivka

Posted: 07 Dec 2014 14:11
by Márty84
mrr.killer writes: I don't see anything bothersome, the speed is fine
In that case I think no further scans are needed and we're done :)

Re: preventivka

Posted: 07 Dec 2014 14:29
by mrr.killer
so hopefully everything is safe now :)

thanks a lot for the help :)

Re: preventivka

Posted: 07 Dec 2014 14:46
by Márty84
You're welcome :)

If anything comes up, just get in touch.

Take care, and maybe see you again sometime :bye:

:closed: