Prosím o kontrolu logu pomalý ntb Vyřešeno

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\Windows\SysNative\acovcnt.exe
*****************************************************************************************************************************************
Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O20:64bit: - Winlogon\Notify\avldr: DllName - Reg Error: Key error. - File not found
O33 - MountPoints2\{fb34bc07-02d9-11df-a6b7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb34bc07-02d9-11df-a6b7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.10.13 19:44:59 | 000,136,448 | R--- | M] (Sports Interactive)
@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV

:Files
C:\Windows\*.tmp
C:\Windows\SysNative\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\tasks\SA.DAT
C:\Users\Rabak\AppData\Local\d3d9caps64.dat
C:\Windows\System32\*.tmp
C:\Program Files (x86)\NSS

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]


Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

[Reklama]

[Radinoo]

Soubor najít nemohu.
zobrazit skryté a systémové soubory to myslíš na ploše pravím myšítkem? Tam to není

[Damned]

Zkus skopírovat do okýnka na stránce cestu.

Kód: Vybrat vše

C:\Windows\SysNative\acovcnt.exe

[Radinoo]

Mám to v tom logu otl

[Damned]

Kde?

[Radinoo]

Testoval jsem
otl
a-squared 4.5.0.50 2010.03.06 -
AhnLab-V3 5.0.0.2 2010.03.06 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.06 -
Avast5 5.0.332.0 2010.03.06 -
AVG 9.0.0.787 2010.03.06 -
BitDefender 7.2 2010.03.06 -
CAT-QuickHeal 10.00 2010.03.06 (Suspicious) - DNAScan
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.06 -
eSafe 7.0.17.0 2010.03.04 Suspicious File
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.06 -
Fortinet 4.0.14.0 2010.03.06 -
GData 19 2010.03.06 -
Ikarus T3.1.1.80.0 2010.03.06 -
Jiangmin 13.0.900 2010.03.06 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.06 Heuristic.LooksLike.Win32.Suspicious.J!83
Microsoft 1.5502 2010.03.06 -
NOD32 4921 2010.03.06 -
Norman 6.04.08 2010.03.06 -
nProtect 2009.1.8.0 2010.03.06 -
Panda 10.0.2.2 2010.03.06 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.05.03 2010.03.06 -
Sophos 4.51.0 2010.03.06 -
Sunbelt 5774 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 Suspicious.Insight
TheHacker 6.5.1.9.223 2010.03.06 -
TrendMicro 9.120.0.1004 2010.03.06 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Rozšiřující informace
File size: 553984 bytes
MD5...: a41278e25ec91734df7fb6bfca05f625
SHA1..: e32ccfb57d82bea147dbffad2388d08a66779dc6
SHA256: febbfac439dd63cc30d8a40c9ff9d91a9e29bae784fb131765fe66b1608daa43
ssdeep: 12288:f+6HuwXwS+luohZboWRBZhbhO9yMM2/BlWWaaL6n69QFO1az9:W6HuGqsW
RHhbor7/BQWaaM+Q

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x214000 0x84200 8.00 bb16677becf6ceed4530e9a7fbd8c66e
.rsrc 0x215000 0x3000 0x2e00 5.30 d6b41707a6d0fdd7a404a94ec1664d41

( 1 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 EXE PECompact compressed (v2.x) (48.0%)
Win32 EXE PECompact compressed (generic) (33.8%)
Win32 Executable Generic (6.9%)
Win32 Dynamic Link Library (generic) (6.1%)
Win16/32 Executable Delphi generic (1.6%)
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
sigcheck:
publisher....: OldTimer Tools
copyright....:
product......: OTL
description..:
original name: OTL.exe
internal name: OTL.exe
file version.: 3.1.34.0
comments.....: Public Release
signers......: -
signing date.: -
verified.....: Unsigned

packers (F-Prot): PecBundle, PECompact



.........................................................................






All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb34bc07-02d9-11df-a6b7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb34bc07-02d9-11df-a6b7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb34bc07-02d9-11df-a6b7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb34bc07-02d9-11df-a6b7-806e6f6e6963}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
ADS C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV deleted successfully.
========== FILES ==========
File\Folder C:\Windows\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
C:\Windows\tasks\SA.DAT moved successfully.
C:\Users\Rabak\AppData\Local\d3d9caps64.dat moved successfully.
File\Folder C:\Windows\System32\*.tmp not found.
C:\Program Files (x86)\NSS\Help\img folder moved successfully.
C:\Program Files (x86)\NSS\Help folder moved successfully.
C:\Program Files (x86)\NSS\fls1sup folder moved successfully.
C:\Program Files (x86)\NSS\Flash folder moved successfully.
C:\Program Files (x86)\NSS\Dct4Plus folder moved successfully.
C:\Program Files (x86)\NSS\Backup\temp folder moved successfully.
C:\Program Files (x86)\NSS\Backup\rpl folder moved successfully.
C:\Program Files (x86)\NSS\Backup\pm folder moved successfully.
C:\Program Files (x86)\NSS\Backup\locks folder moved successfully.
C:\Program Files (x86)\NSS\Backup\ask folder moved successfully.
C:\Program Files (x86)\NSS\Backup folder moved successfully.
C:\Program Files (x86)\NSS folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rabak
->Temp folder emptied: 8016037 bytes
->Temporary Internet Files folder emptied: 106713101 bytes
->Java cache emptied: 39446127 bytes
->Flash cache emptied: 46737 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 527266 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rabak
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.1.34.0 log created on 03072010_002828

Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
C:\Users\Rabak\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Damned]

Ano, OTL ho našel. Cca v poměru 3:4, tento soubor je malware. Proto ho chci vidět ve virustotalu, nebudu ti mazat přeci zdravej soubor.
To znamená, že v daném umístění je (C:\Windows\SysNative\acovcnt.exe). Já potřebuji vidět jestli je zdravej nebo má chřipku.
Protože v PC je (OTL ho našel), zkontroluj mi ho na VT. Pokud ho fyzicky nemůžeš najít, vlož do okýnka na stránce virustotal.com cestu: C:\Windows\SysNative\acovcnt.exe , a VT už si ho natáhne.

[Radinoo]

C:\Windows\SysNative\acovcnt.exe
Ten soubor tam nemohu vůbec najít

[Damned]

Tak uvidíme:

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\Windows\SysNative\acovcnt.exe
C:\Windows\SysNative\*.tmp

:Reg

:Commands
[purity]
[emptytemp]
[Reboot]


Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

[Radinoo]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
File move failed. C:\Windows\SysNative\acovcnt.exe scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\*.tmp not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rabak
->Temp folder emptied: 33397 bytes
->Temporary Internet Files folder emptied: 7092514 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 75 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.1.34.0 log created on 03072010_005102

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\acovcnt.exe scheduled to be moved on reboot.
C:\Users\Rabak\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Damned]

Šak vidíš že tam byl:

File move failed. C:\Windows\SysNative\acovcnt.exe scheduled to be moved on reboot.

Volně: Selhal přesun.................... plánuji, že ho přesunu při restartu...

Smaž složku C:\_OTL

Stáhni si ToolsCleaner2 (by de A.Rothstein & Dj Quiou) na Plochu a spusť ho.

Klikni na Pt. Restauration (obnova) a poté na OK.
Klikni na Corbeille (koš) a poté na OK.
Klikni na Fichiers temp (temp složky) a poté na OK.
Klikni na Recherche (hledání) a nech Cleaner pracovat. Může se během čištění zastavit , ale nech ho pokračovat.
Když program skončí , klikni na Suppression (odstranění) a odstraň nalezené.
Zavři a smaž program.


A jestli chceš mít ntb ještě rychlejší, tak ho nech chvíli bez dozoru v Chánově, to zmizí rychlostí blesku

Kdyby se něco zase objevilo, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.

[Radinoo]

Ten cleaner uložím .Všechny akce jdou, ale přiakci Recherche se to zasekne asik 10 min a pak mi to dá hlášku že to neodpovídá...