Prosím o kontrolu logu

Zpráva

marihani · #1 Příspěvek od **marihani** » 02 úno 2015 18:15

Logfile of random's system information tool 1.10 (written by random/random)
Run by ACER-PC at 2015-02-02 18:14:19
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 55 GB (19%) free of 290 GB
Total RAM: 3070 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:22, on 2.2.2015
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\ACER-PC\Downloads\RSIT.exe
C:\Program Files\trend micro\ACER-PC.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Fergo Screenshot] C:\Users\ACER-PC\AppData\Local\Temp\Rar$EX03.860\Fergo Screenshot.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 4713 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\ACER-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kcvbmug4.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
nppdf32.dll
ShockwavePlugin.class

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-04-01 217088]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-04-01 483428]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-12-22 3810304]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-05 128232]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-01-09 405639]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Steam"=C:\Program Files\Steam\Steam.exe [2015-01-23 1942720]
"Fergo Screenshot"=C:\Users\ACER-PC\AppData\Local\Temp\Rar$EX03.860\Fergo Screenshot.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-02-02 18:06:05 ----D---- C:\rsit
2015-01-29 19:06:13 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2015-02-02 18:14:20 ----D---- C:\Program Files\trend micro
2015-02-02 18:14:17 ----D---- C:\Windows\temp
2015-02-02 18:06:17 ----D---- C:\Windows\Prefetch
2015-02-02 17:56:59 ----D---- C:\Windows\System32
2015-02-02 17:56:59 ----D---- C:\Windows\inf
2015-02-02 17:56:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-02 17:52:45 ----D---- C:\Program Files\Steam
2015-02-02 17:52:22 ----D---- C:\Program Files\Common Files\Steam
2015-02-01 13:17:58 ----SHD---- C:\System Volume Information
2015-02-01 12:09:14 ----D---- C:\Windows\system32\WDI
2015-01-31 15:13:23 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-01-30 18:45:40 ----RD---- C:\Program Files
2015-01-30 18:43:46 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-01-29 20:55:00 ----D---- C:\Windows\system32\MRT
2015-01-29 20:51:23 ----A---- C:\Windows\system32\mrt.exe
2015-01-09 18:13:05 ----D---- C:\Windows\system32\catroot2
2015-01-08 09:55:52 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2008-09-01 317976]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-04-01 192048]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-21 4172288]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-12-22 18424]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-17 1331192]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA009Ufd.sys [2008-09-03 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver; C:\Windows\system32\DRIVERS\OA009Vid.sys [2008-09-03 269216]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-01 62976]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-04-01 398336]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-09-01 304128]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2009-06-22 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-21 4172288]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-06-22 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-01-21 724992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [2009-04-01 254042]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-12-22 26112]
R2 yksvc;Marvell Yukon Service; ykx32coinst,serviceStartProc []
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30 267440]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-29 114800]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2015-01-23 834752]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 02 úno 2015 18:34

Zdravim

Proc nemate aktualizovany system? Chybi Service Pack 2

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

marihani · #3 Příspěvek od **marihani** » 02 úno 2015 19:30

Ok, tady je:

# AdwCleaner v4.109 - Report created 02/02/2015 at 19:27:26
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : ACER-PC - ACER-PC-PC
# Running from : C:\Users\ACER-PC\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\ACER-PC\AppData\Local\PackageAware

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\SweetIM
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

-\\ Mozilla Firefox v35.0.1 (x86 cs)

*************************

AdwCleaner[R0].txt - [1002 octets] - [02/02/2015 19:24:50]
AdwCleaner[S0].txt - [933 octets] - [02/02/2015 19:27:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [992 octets] ##########

#4 Příspěvek od **Márty84** » 02 úno 2015 20:13

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

marihani · #5 Příspěvek od **marihani** » 03 úno 2015 00:41

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2.2.2015
Scan Time: 23:22:05
Logfile: log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.02.05
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: ACER-PC

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 459760
Time Elapsed: 1 hr, 14 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Freemium.A, C:\Users\ACER-PC\Downloads\wordview_cs-cz_2007 - CHIP Downloader.exe, , [9f0eda3f018923135019c18bac55d12f],

Physical Sectors: 0
(No malicious items detected)

(end)

#6 Příspěvek od **Márty84** » 03 úno 2015 09:39

Nalez hodte do karanteny, pak muzete MBAM odinstalovat.

Je s pc nejaky konkretni problem, nebo jde ciste jen o prevenci?

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

marihani · #7 Příspěvek od **marihani** » 03 úno 2015 15:09

Žádný problém není, jde jen o prevenci

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by ACER-PC (administrator) on ACER-PC-PC on 03-02-2015 15:04:21
Running from C:\Users\ACER-PC\Desktop
Loaded Profiles: ACER-PC (Available profiles: ACER-PC)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\ACER-PC\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-04-01] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-05] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-08-17] (ALWIL Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-04-01] (IDT, Inc.)
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\...\Run: [Fergo Screenshot] => C:\Users\ACER-PC\AppData\Local\Temp\Rar$EX03.860\Fergo Screenshot.exe <===== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ACER-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kcvbmug4.default
FF NewTab: about:home
FF DefaultSearchUrl:
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\ACER-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kcvbmug4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-04-01] (Andrea Electronics Corporation)
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-08-17] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-08-17] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-08-17] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-08-17] (ALWIL Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-04-01] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.) [File not signed]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2009-08-17] (ALWIL Software)
R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2009-08-17] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23152 2009-08-17] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [114768 2009-08-17] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [51376 2009-08-17] (ALWIL Software)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-11] (Společnost Microsoft)
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [144672 2008-09-03] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [269216 2008-09-03] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 15:04 - 2015-02-03 15:04 - 00009435 _____ () C:\Users\ACER-PC\Desktop\FRST.txt
2015-02-03 15:03 - 2015-02-03 15:04 - 00000000 ____D () C:\FRST
2015-02-03 15:00 - 2015-02-03 15:00 - 00112640 _____ (forum.viry.cz) C:\Users\ACER-PC\Desktop\FRSTLauncher.exe
2015-02-03 14:58 - 2015-02-03 14:58 - 01122304 _____ (Farbar) C:\Users\ACER-PC\Desktop\FRST.exe
2015-02-02 19:24 - 2015-02-02 19:27 - 00000000 ____D () C:\AdwCleaner
2015-02-02 19:23 - 2015-02-02 19:23 - 02194432 _____ () C:\Users\ACER-PC\Desktop\adwcleaner_4.109.exe
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Windows\system32\vi-VN
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Windows\system32\eu-ES
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Windows\system32\ca-ES
2015-02-02 18:06 - 2015-02-02 18:06 - 00000000 ____D () C:\rsit
2015-02-02 18:05 - 2015-02-02 18:05 - 01107968 _____ () C:\Users\ACER-PC\Downloads\RSIT.exe
2015-01-29 19:06 - 2015-01-29 19:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 14:55 - 2008-01-21 07:14 - 01418230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 14:53 - 2009-06-22 00:12 - 01805424 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 14:51 - 2010-12-31 19:02 - 00000000 ____D () C:\Program Files\Steam
2015-02-03 14:49 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 14:49 - 2006-11-02 13:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 14:49 - 2006-11-02 13:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 14:48 - 2014-08-24 16:43 - 00004692 _____ () C:\Windows\PFRO.log
2015-02-03 14:48 - 2006-11-02 13:58 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-03 14:48 - 2006-11-02 13:35 - 00000000 ____D () C:\Windows\twain_32
2015-02-03 14:09 - 2014-12-12 19:12 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-02 23:18 - 2013-03-02 11:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 19:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2015-02-02 19:19 - 2009-07-20 12:46 - 00000917 _____ () C:\Users\ACER-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-02-02 19:14 - 2006-11-02 13:44 - 01574432 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 19:11 - 2008-01-21 07:12 - 00000000 ____D () C:\Windows\system32\cs
2015-02-02 19:11 - 2006-11-02 13:35 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-02-02 19:11 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-02-02 19:11 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2015-02-02 19:11 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-02 19:11 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Windows Collaboration
2015-02-02 19:11 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Windows Calendar
2015-02-02 19:11 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Movie Maker
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\th-TH
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\SLUI
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\it-IT
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\he-IL
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\et-EE
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\el-GR
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\IME
2015-02-02 19:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-02 19:10 - 2013-05-25 12:35 - 00014160 _____ () C:\Windows\setupact.log
2015-02-02 18:14 - 2013-02-27 19:17 - 00000000 ____D () C:\Program Files\trend micro
2015-02-02 17:52 - 2010-12-31 19:02 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-01-31 15:13 - 2012-10-28 19:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-31 15:13 - 2009-11-13 21:07 - 00006836 _____ () C:\Users\ACER-PC\AppData\Local\d3d9caps.dat
2015-01-30 18:43 - 2012-10-19 14:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-30 18:43 - 2012-10-19 14:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-29 20:55 - 2013-08-14 23:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-29 20:51 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-08 09:55 - 2009-10-05 15:40 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2009-11-13 21:07 - 2015-01-31 15:13 - 0006836 _____ () C:\Users\ACER-PC\AppData\Local\d3d9caps.dat
2009-09-13 10:24 - 2014-08-24 14:37 - 0032768 _____ () C:\Users\ACER-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-24 13:02 - 2014-08-24 13:02 - 0000058 _____ () C:\Users\ACER-PC\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

Some content of TEMP:
====================
C:\Users\ACER-PC\AppData\Local\temp\drm_dialogs.dll
C:\Users\ACER-PC\AppData\Local\temp\drm_dyndata_7330004.dll
C:\Users\ACER-PC\AppData\Local\temp\drm_dyndata_7360007.dll
C:\Users\ACER-PC\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\ACER-PC\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ACER-PC\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ACER-PC\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ACER-PC\AppData\Local\temp\Quarantine.exe
C:\Users\ACER-PC\AppData\Local\temp\SkypeSetup.exe
C:\Users\ACER-PC\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\ACER-PC\Downloads\Star-Trek-Voyager---1x09---Emanations.avi:TOC.WMV

==================== Security Center ==================

AV: avast! antivirus (Disabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! antivirus (Disabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ACER-PC\Desktop" je 30 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

V příloze je druhý log.

#8 Příspěvek od **Márty84** » 03 úno 2015 19:56

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-05] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\...\Run: [Fergo Screenshot] => C:\Users\ACER-PC\AppData\Local\Temp\Rar$EX03.860\Fergo Screenshot.exe <===== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

marihani · #9 Příspěvek od **marihani** » 03 úno 2015 20:40

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015
Ran by ACER-PC at 2015-02-03 20:30:36 Run:1
Running from C:\Users\ACER-PC\Desktop
Loaded Profiles: ACER-PC (Available profiles: ACER-PC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-05] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\...\Run: [Fergo Screenshot] => C:\Users\ACER-PC\AppData\Local\Temp\Rar$EX03.860\Fergo Screenshot.exe <===== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PDVDDXSrv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value deleted successfully.
HKU\S-1-5-21-2887609027-2585564384-433067684-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fergo Screenshot => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2887609027-2585564384-433067684-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:33:58 ====

#10 Příspěvek od **Márty84** » 04 úno 2015 09:46

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remote disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

marihani · #11 Příspěvek od **marihani** » 05 úno 2015 12:27

PC zdá se v pohodě

Díky moc.
Co tomu bylo?

#12 Příspěvek od **Márty84** » 05 úno 2015 17:56

Nic vazneho, jen par zbytecnosti a brzd

Nemate zac!

Mejte se a treba zase nekdy

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu