Preventivní kontrola

Zpráva

Joker93 · #1 Příspěvek od **Joker93** » 25 bře 2016 15:06

Dobrý den, prosím o preventivku. Kromě toho se začalo opět objevovat hučení PC při spuštěné mozille, stejně jako v tomto mém starším příspěvku http://forum.viry.cz/viewtopic.php?f=30&t=148050

Mám použít stejný postup? Předem děkuji za odpověď.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-03-25 15:04:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (49%) free of 60 GB
Total RAM: 3325 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:54, on 25.3.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Antivirus\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\Antivirus\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\Antivirus\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Antivirus\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3914 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@cuminas.jp/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\npNxGameEU.dll

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default\extensions\
abs@avira.com

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default\searchplugins\
heurekacz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-05 98304]
"avgnt"=C:\Program Files\Avira\Antivirus\avgnt.exe [2015-12-03 803200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-04-06 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Games\World_of_Tanks\WoTLauncher.exe"="C:\Games\World_of_Tanks\WoTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Combat Arms EU\CombatArms.exe"="C:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms EU\Engine.exe"="C:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2016-03-25 15:04:37 ----D---- C:\rsit
2016-03-19 17:04:42 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2016-03-25 15:04:54 ----D---- C:\Program Files\trend micro
2016-03-25 15:04:45 ----D---- C:\WINDOWS\Prefetch
2016-03-25 15:04:43 ----D---- C:\WINDOWS\temp
2016-03-25 12:08:46 ----D---- C:\WINDOWS\system32
2016-03-25 12:08:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-25 12:05:13 ----D---- C:\WINDOWS
2016-03-25 11:49:07 ----RD---- C:\Program Files
2016-03-24 23:10:02 ----N---- C:\WINDOWS\SchedLgU.Txt
2016-03-18 20:11:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-13 10:50:55 ----D---- C:\Documents and Settings\Admin\Data aplikací\XnView
2016-03-06 00:57:47 ----D---- C:\WINDOWS\system32\CatRoot2
2016-03-04 15:31:01 ----HD---- C:\WINDOWS\inf
2016-03-04 15:13:19 ----A---- C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2016-03-04 15:13:19 ----A---- C:\WINDOWS\system32\WdfCoInstaller01009.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2015-12-03 136272]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2015-12-03 37896]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2015-12-03 31848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2015-02-08 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2015-12-03 106968]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2015-02-08 25888]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2013-08-25 13120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-04-06 7746048]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2012-04-25 82032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2011-12-02 4125352]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 ProcessMonitor;ProcessMonitor; \??\C:\Program Files\Safetica Free\ProcessMonitorDriver.sys []
S3 Safetica;Safetica; \??\C:\Program Files\Safetica Free\safetica.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;ASUS Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\Antivirus\avguard.exe [2015-12-03 466408]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\Antivirus\sched.exe [2015-12-03 466408]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-04-06 647168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\Antivirus\avmailc.exe [2015-12-03 930944]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [2015-12-03 1222952]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **cernohous13** » 25 bře 2016 17:21

Zdravím,

nejprve bych doporučil vypnout aktualizace (pro WinXP už stejně žádné nejsou)
Start -> Ovládací panely -> Automatické aktualizace

Stáhni AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Ulož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Scan po dokončení na Cleaning
bude provedena oprava, restartuje se - (případně restartuj) a vypadne log C:\AdwCleaner\AdwCleaner[C?].txt , jeho obsah vložíš sem

pravděpodobně budeš nucen vypnout na tu chvíli antivir - je to čisté, prověřeno

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Spustit a do okna vlozte skript nize
Kód: Vybrat vše
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Nasledne kliknete na Run Script

PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
Log bude zde C:\zoek-results.log

Joker93 · #3 Příspěvek od **Joker93** » 25 bře 2016 17:52

Zdravím, aktualizace už mám vypnuté delší dobu, myslím že mi to bylo doporučené zrovna zde na foru. U zoek mi hned vyskočila hláška DaS_21.exe Chyba inicializace .NET Framework, ale program poté pracoval dál. Jinak hučení PC (zvuk jako když PC na něčem pracuje nebo se aktualizuje nějaký program) nepřestalo, skončí jen asi po 10 až 15 minutách a nebo hned při zavření prohlížeče.

Upraveno: Po novém otevření prohlížeče už PC reaguje normálně, takže snad to tak bude i nadále.

# AdwCleaner v5.105 - Logfile created 25/03/2016 at 17:25:20
# Updated 21/03/2016 by Xplode
# Database : 2016-03-24.4 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Admin - ADMIN
# Running from : C:\Documents and Settings\Admin\Plocha\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Secure

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [759 bytes] - [25/03/2016 17:25:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [814 bytes] - [25/03/2016 17:24:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [903 bytes] ##########

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Admin on p 25.03.2016 at 17:29:10,00.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Admin\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.3.2016 17:31:56 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\WindowsUpdate deleted
C:\Documents and Settings\Admin\.android deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=4 2760 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Admin\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on p 25.03.2016 at 17:45:23,78 ======================

#4 Příspěvek od **cernohous13** » 25 bře 2016 18:17

Tak tam ještě proženeme MBAM

Stáhni a nainstaluj MBAM zde http://www.bleepingcomputer.com/downloa ... re/dl/241/ verzi 1.75
Při instalaci ti jako první nabídne instalaci nové verze (případně i při spuštění) - dáš Storno - bude aktualizována jen databáze
Po instalaci Spustit -> na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nezavírej, jen minimalizuj

Joker93 · #5 Příspěvek od **Joker93** » 25 bře 2016 18:33

Při aktualizaci databáze vyskočí chybová hláška Program_error_updating (0,0, Host not found). Zkoušel jsem odinstalovat, restartovat PC a opět nainstalovat, ale chyba se opakuje.

#6 Příspěvek od **cernohous13** » 25 bře 2016 20:05

Proveď odinstalaci http://www.malwarebytes.org/mbam-clean.exe
a zkus to znovu podle předchozího návodu

pokud by se nezdařilo dej mi nový log RSIT - ráno na to kouknu

Joker93 · #7 Příspěvek od **Joker93** » 26 bře 2016 09:10

Opět nefunguje

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-03-26 09:09:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (41%) free of 60 GB
Total RAM: 3325 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:09:41, on 26.3.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Antivirus\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\Antivirus\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\Antivirus\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Antivirus\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3991 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@cuminas.jp/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\npNxGameEU.dll

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default\extensions\
abs@avira.com

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default\searchplugins\
heurekacz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-05 98304]
"avgnt"=C:\Program Files\Avira\Antivirus\avgnt.exe [2015-12-03 803200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-04-06 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Games\World_of_Tanks\WoTLauncher.exe"="C:\Games\World_of_Tanks\WoTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"
"C:\WarThunder\launcher.exe"="C:\WarThunder\launcher.exe:*:Enabled:War Thunder launcher"
"C:\WarThunder\bpreport.exe"="C:\WarThunder\bpreport.exe:*:Enabled:War Thunder Crash Reporter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Combat Arms EU\CombatArms.exe"="C:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms EU\Engine.exe"="C:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2016-03-26 09:06:56 ----D---- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2016-03-26 09:06:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-03-26 09:06:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2016-03-26 09:06:49 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2016-03-25 21:10:33 ----SHD---- C:\RECYCLER
2016-03-25 19:02:17 ----D---- C:\WarThunder
2016-03-25 17:42:05 ----D---- C:\WINDOWS\Temp
2016-03-25 17:42:05 ----A---- C:\WINDOWS\zoek-delete.exe
2016-03-25 17:29:01 ----D---- C:\zoek_backup
2016-03-25 17:24:29 ----D---- C:\AdwCleaner
2016-03-25 15:04:37 ----D---- C:\rsit
2016-03-19 17:04:42 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2016-03-26 09:09:38 ----D---- C:\Program Files\trend micro
2016-03-26 09:08:06 ----D---- C:\WINDOWS\system32
2016-03-26 09:08:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-26 09:07:46 ----D---- C:\WINDOWS
2016-03-26 09:07:42 ----D---- C:\WINDOWS\Prefetch
2016-03-26 09:07:22 ----D---- C:\WINDOWS\system32\drivers
2016-03-26 09:06:49 ----RD---- C:\Program Files
2016-03-26 01:31:09 ----N---- C:\WINDOWS\SchedLgU.Txt
2016-03-26 01:31:08 ----D---- C:\WINDOWS\system32\CatRoot2
2016-03-25 17:40:51 ----D---- C:\WINDOWS\system32\GroupPolicy
2016-03-25 17:37:14 ----D---- C:\WINDOWS\system32\drivers\etc
2016-03-18 20:11:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-13 10:50:55 ----D---- C:\Documents and Settings\Admin\Data aplikací\XnView
2016-03-04 15:31:01 ----HD---- C:\WINDOWS\inf
2016-03-04 15:13:19 ----A---- C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2016-03-04 15:13:19 ----A---- C:\WINDOWS\system32\WdfCoInstaller01009.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2015-12-03 136272]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2015-12-03 37896]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2015-12-03 31848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2015-02-08 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2015-12-03 106968]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2015-02-08 25888]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2013-08-25 13120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-04-06 7746048]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2012-04-25 82032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2011-12-02 4125352]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 ProcessMonitor;ProcessMonitor; \??\C:\Program Files\Safetica Free\ProcessMonitorDriver.sys []
S3 Safetica;Safetica; \??\C:\Program Files\Safetica Free\safetica.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;ASUS Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\Antivirus\avguard.exe [2015-12-03 466408]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\Antivirus\sched.exe [2015-12-03 466408]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-04-06 647168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\Antivirus\avmailc.exe [2015-12-03 930944]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [2015-12-03 1222952]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#8 Příspěvek od **cernohous13** » 26 bře 2016 16:52

Já tam nic nebezpečného nevidím

máš ještě nějaké problémy?

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „MoveIt!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\ - dej mi ho sem na kontrolu

Script OTM

Kód: Vybrat vše

:Commands
[resethosts]
[emptytemp]
[emptyflash]
[emptyjava]
[clearallrestorepoints]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Program Files\Malwarebytes' Anti-Malware
C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
C:\Program Files\Malwarebytes' Anti-Malware
C:\WINDOWS\system32\drivers\mbam.sys

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=-

:Services

DelFix https://toolslib.net/downloads/finish/2/

Stáhni a spusť
Ponech zatržítkou pouze u volby "Remote disinfection tools"
Klikni na "Run" - uklidí po použitých čističích

Joker93 · #9 Příspěvek od **Joker93** » 27 bře 2016 08:44

Tak při spuštění prohlížeče PC už nehučí a dále byl problém pouze s MBAM. Při spuštění OTM mi poprvé vyskočila chybová hláška týkající se složky ve windows, myslím že to bylo system32/Hosts a tento proces se objevil poté v zeleném okně vpravo, ale PC se seklo a já ho restartoval, takže tento log je až z druhéjo pokusu.

All processes killed
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 709378 bytes
->Temporary Internet Files folder emptied: 4720350 bytes
->FireFox cache emptied: 283882483 bytes
->Flash cache emptied: 523 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 32913 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 208703 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 276,00 mb

[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: Admin

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP186.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP45.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7FA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8D5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9DD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD9F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDC9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF86.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI83.tmp moved successfully.
C:\WINDOWS\Installer\MSID6.tmp moved successfully.
C:\WINDOWS\system32\CatRoot\TMP2.tmp moved successfully.
C:\WINDOWS\system32\CatRoot\TMP94.tmp moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware\Languages folder moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon folder moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Malwarebytes folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes folder moved successfully.
File/Folder C:\Program Files\Malwarebytes' Anti-Malware not found.
C:\WINDOWS\system32\drivers\mbam.sys moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware not found.
========== SERVICES/DRIVERS ==========

OTM by OldTimer - Version 3.1.21.0 log created on 03272016_093159

Files moved on Reboot...

Registry entries deleted on Reboot...

#10 Příspěvek od **cernohous13** » 27 bře 2016 14:54

Spusť opět OTM -> CleanUp! - odinstaluje a vyčistí po sobě.

ještě nějaký problém? já už tam nic zlého nevidím

Joker93 · #11 Příspěvek od **Joker93** » 27 bře 2016 17:39

Akorát nešla aktualizovat datábáze MBAM, ale teď už jsem program znovu nezkopušel stahovat. Problém s hučením ale zmizel a to je hlavní. Děkuji za pomoc

Jen se zeptám jestli z logů víte co to zahlcené PC způsobovalo?

#12 Příspěvek od **cernohous13** » 28 bře 2016 06:48

Ani v jednom z logů nevidím možnou příčinu

pokud by se "hučení" opakovalo zjisti vytížení
procesoru ve Správci úloh (Ctrl+Alt+Delete)

Nechám téma ještě chvíli otevřené

Joker93 · #13 Příspěvek od **Joker93** » 31 bře 2016 20:27

Dobrý večer, zahlcení PC při prohlížeči se sice nevrátilo, ale dnes mi Avira při scanu našla nějaký virus TR/Agent.T.116 ve složce C/System Volume Information. Můžu dát log z RSIT sem nebo mám založit vlákno zvlášť?

#14 Příspěvek od **cernohous13** » 01 dub 2016 04:33

To je v pohodě, v některém bodu obnovení systému byl záznam
o škůdci, který byl již zřejmě odstraněn - vyčistíme

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.filehippo.com/download_ccleaner
Při instalaci vyhodit fajfku u instalace různých toolbarů

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"
spustit "Nástroje" > "Start" - tady můžeš zkusit deaktivovat procesy, které při spuštění nepotřebuješ (pokud by ti potom něco nechodilo, stejným způsobem je povolíš)
Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Joker93 · #15 Příspěvek od **Joker93** » 01 dub 2016 17:40

Vše jsem provedl a ještě zkusil 2 testy Aviry a už nic nenašla. Mám sem dávat ještě nějaký log nebo to můžem uzavřít?

VIRY.CZ

Preventivní kontrola

Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola