Vir posílá data

[jiri.muzikar]

Asi Vir.
Dobrý den.
Pc posílá do sítě nepravidelně velké množství dat a tím je připojení zahlceno.
Antivir ClamWin našelW32 Virut.Gen.D-146
Když zastavím proces TCPSVCS.EXE tak k odesílání dat nedochází.
Pc se už také nerozjel a tak jsem musel obnovovat systém ze záložní kopie.


Zde jsou výsledky logu

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Administrator (administrator) on ENPED-SERVER on 26-01-2014 08:36:39
Running from C:\Users\Administrator\Desktop
Windows Server 2008 R2 Foundation Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\silsvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
() C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTMngr.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Administrator\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QLogicSaveSystemInfo] - C:\Windows\system32\qlco1006.dll [10752 2009-05-18] (QLogic Corporation)
HKLM-x32\...\Run: [NetLockMngr] - C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTMngr.exe [3076512 2012-09-30] ()
HKLM-x32\...\Run: [Cobian Backup 11 interface] - C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2012-12-05] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKCU\...\Run: [ClamWin] - C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-10-15] (alch)
MountPoints2: {0c3b1ea8-64b0-11e1-aab8-806e6f6e6963} - D:\autorun\automoney.exe
Lsa: [Notification Packages] scecli rassfm
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{6B81293F-F8CF-4BA7-92E2-23955B5C8558}: [NameServer]213.211.43.161

==================== Services (Whitelisted) =================

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
S2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2012-12-05] (Luis Cobian, CobianSoft)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SWLckServer; C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTService.exe [1469856 2012-09-30] ()
R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-21] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 bchtsw64; C:\Windows\system32\drivers\bchtsw64.sys [87264 2008-05-27] (Broadcom Corporation)
S3 be2iscsi; C:\Windows\system32\drivers\be2iscsi.sys [181256 2011-07-26] (Emulex )
S3 bfad; C:\Windows\system32\drivers\bfad.sys [1299056 2011-01-18] (Brocade Communications Systems, Inc.)
S3 bfadfcoe; C:\Windows\system32\drivers\bfadfcoe.sys [1299056 2011-01-18] (Brocade Communications Systems, Inc.)
R0 bfad_up; C:\Windows\System32\drivers\bfad_up.sys [14960 2011-01-18] (Brocade Communications Systems, Inc.)
S3 BXOIS; C:\Windows\system32\drivers\bxois.sys [533544 2011-05-24] (Broadcom Corporation)
S3 elxcna; C:\Windows\system32\drivers\elxcna.sys [658440 2011-08-12] (Emulex)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [53032 2011-08-05] (LSI Corporation)
S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [519976 2011-05-13] (LSI Corporation, Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R0 msas2k3; C:\Windows\System32\drivers\msas2k3.sys [43520 2011-08-05] (LSI Corporation)
S3 pmcraid; C:\Windows\system32\drivers\pmcraid.sys [32584 2010-04-28] (PMC-Sierra)
S3 qlfcoe; C:\Windows\system32\drivers\qlfcoe.sys [937000 2009-05-18] (QLogic Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-01-26 08:36 - 2014-01-26 08:37 - 00007127 _____ C:\Users\Administrator\Desktop\FRST.txt
2014-01-26 08:36 - 2014-01-26 08:36 - 00000000 ____D C:\FRST
2014-01-26 08:34 - 2014-01-26 08:34 - 00112640 _____ (forum.viry.cz) C:\Users\Administrator\Desktop\FRSTLauncher.exe
2014-01-26 08:33 - 2014-01-26 08:34 - 02078208 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-01-26 08:28 - 2014-01-26 08:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2014-01-25 11:11 - 2014-01-25 11:11 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-25 11:11 - 2014-01-25 11:11 - 00004295 _____ C:\Users\Administrator\AppData\Local\Temp\java_install_reg.log
2014-01-25 11:11 - 2014-01-25 11:11 - 00000024 _____ C:\Users\Administrator\AppData\Local\Temp\RDFF16.tmp
2014-01-25 11:11 - 2014-01-25 11:11 - 00000000 _____ C:\Users\Administrator\AppData\Local\Temp\RD4B43.tmp
2014-01-25 11:11 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-25 11:11 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-25 11:11 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-25 11:11 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-25 11:10 - 2014-01-25 11:10 - 00002231 _____ C:\Users\Public\Desktop\S3 Kasa.lnk
2014-01-25 10:56 - 2014-01-25 10:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\CIGLER SOFTWARE
2014-01-25 10:50 - 2014-01-25 10:50 - 00000326 _____ C:\Windows\PFRO.log
2014-01-25 10:46 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-25 10:46 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-25 10:46 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-25 10:46 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-25 10:46 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-25 10:46 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-25 10:46 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-25 10:46 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-25 10:46 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2014-01-25 10:44 - 2014-01-25 10:44 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-25 10:44 - 2014-01-25 10:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-25 10:42 - 2014-01-25 10:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\{CB18546D-2FD6-47B2-A1F0-5E1875AF5356}
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-28 11:35 - 2014-01-25 10:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2013-12-28 11:24 - 2014-01-25 10:46 - 00002062 _____ C:\Users\Administrator\AppData\Local\Temp\AdobeARM.log
2013-12-28 11:24 - 2013-12-28 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\WPDNSE
2013-12-28 11:19 - 2014-01-26 08:26 - 00000370 _____ C:\Windows\setupact.log
2013-12-28 11:19 - 2013-12-28 11:19 - 00000000 _____ C:\Windows\setuperr.log
2013-12-28 11:10 - 2014-01-25 11:11 - 00008991 _____ C:\Users\Administrator\AppData\Local\Temp\JavaDeployReg.log
2013-12-28 11:10 - 2014-01-25 11:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2013-12-28 11:10 - 2013-12-28 11:24 - 00001291 _____ C:\Users\Administrator\AppData\Local\Temp\jusched.log
2013-12-28 11:10 - 2013-12-28 11:10 - 00007962 _____ C:\Users\Administrator\Documents\cc_20131228_111015.reg

==================== One Month Modified Files and Folders =======

2014-01-26 08:37 - 2014-01-26 08:36 - 00007127 _____ C:\Users\Administrator\Desktop\FRST.txt
2014-01-26 08:37 - 2014-01-26 08:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2014-01-26 08:36 - 2014-01-26 08:36 - 00000000 ____D C:\FRST
2014-01-26 08:34 - 2014-01-26 08:34 - 00112640 _____ (forum.viry.cz) C:\Users\Administrator\Desktop\FRSTLauncher.exe
2014-01-26 08:34 - 2014-01-26 08:33 - 02078208 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-01-26 08:32 - 2009-07-14 05:49 - 00021328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 08:32 - 2009-07-14 05:49 - 00021328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 08:31 - 2012-03-02 22:41 - 01141849 _____ C:\Windows\WindowsUpdate.log
2014-01-26 08:28 - 2013-02-06 12:49 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 08:27 - 2012-03-02 23:10 - 00000000 ____D C:\Windows\system32\lserver
2014-01-26 08:26 - 2013-12-28 11:19 - 00000370 _____ C:\Windows\setupact.log
2014-01-26 08:26 - 2009-07-14 06:06 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 13:25 - 2013-02-06 12:49 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 13:25 - 2012-03-05 18:28 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-464615954-2510813803-3062766883-500UA.job
2014-01-25 11:12 - 2013-10-25 09:22 - 00000000 ____D C:\ProgramData\Oracle
2014-01-25 11:11 - 2014-01-25 11:11 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-25 11:11 - 2014-01-25 11:11 - 00004295 _____ C:\Users\Administrator\AppData\Local\Temp\java_install_reg.log
2014-01-25 11:11 - 2014-01-25 11:11 - 00000024 _____ C:\Users\Administrator\AppData\Local\Temp\RDFF16.tmp
2014-01-25 11:11 - 2014-01-25 11:11 - 00000000 _____ C:\Users\Administrator\AppData\Local\Temp\RD4B43.tmp
2014-01-25 11:11 - 2013-12-28 11:10 - 00008991 _____ C:\Users\Administrator\AppData\Local\Temp\JavaDeployReg.log
2014-01-25 11:11 - 2013-12-28 11:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2014-01-25 11:11 - 2013-10-25 09:22 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-25 11:10 - 2014-01-25 11:10 - 00002231 _____ C:\Users\Public\Desktop\S3 Kasa.lnk
2014-01-25 11:10 - 2012-03-05 17:11 - 00002226 _____ C:\Users\Public\Desktop\Money S3.lnk
2014-01-25 10:56 - 2014-01-25 10:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\CIGLER SOFTWARE
2014-01-25 10:51 - 2009-07-14 05:49 - 00295592 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 10:50 - 2014-01-25 10:50 - 00000326 _____ C:\Windows\PFRO.log
2014-01-25 10:48 - 2013-07-11 07:39 - 00000000 ____D C:\Windows\system32\MRT
2014-01-25 10:47 - 2012-03-02 23:23 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-25 10:46 - 2013-12-28 11:24 - 00002062 _____ C:\Users\Administrator\AppData\Local\Temp\AdobeARM.log
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2014-01-25 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Msdtc
2014-01-25 10:44 - 2014-01-25 10:44 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-25 10:44 - 2014-01-25 10:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-25 10:43 - 2014-01-25 10:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\{CB18546D-2FD6-47B2-A1F0-5E1875AF5356}
2014-01-25 10:43 - 2012-03-02 22:44 - 00000000 ____D C:\Users\Administrator
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-25 10:42 - 2013-12-13 09:46 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-25 10:41 - 2013-12-28 11:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2014-01-25 10:37 - 2012-03-02 22:44 - 00000000 __SHD C:\Recovery
2013-12-28 11:24 - 2013-12-28 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\WPDNSE
2013-12-28 11:24 - 2013-12-28 11:10 - 00001291 _____ C:\Users\Administrator\AppData\Local\Temp\jusched.log
2013-12-28 11:24 - 2012-04-01 09:30 - 00000606 _____ C:\Users\Administrator\AppData\Local\Temp\ClamWin1.log
2013-12-28 11:19 - 2013-12-28 11:19 - 00000000 _____ C:\Windows\setuperr.log
2013-12-28 11:10 - 2013-12-28 11:10 - 00007962 _____ C:\Users\Administrator\Documents\cc_20131228_111015.reg
2013-12-28 11:09 - 2010-11-21 06:43 - 00704450 _____ C:\Windows\system32\perfh005.dat
2013-12-28 11:09 - 2010-11-21 06:43 - 00157052 _____ C:\Windows\system32\perfc005.dat
2013-12-28 11:09 - 2009-07-14 06:10 - 01683586 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-28 11:08 - 2012-04-01 09:30 - 00001661 _____ C:\Users\Administrator\AppData\Local\Temp\ClamWin2.log
2013-12-28 11:08 - 2012-03-03 07:36 - 00000000 ____D C:\Windows\Panther
2013-12-28 11:07 - 2012-04-26 19:34 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-28 11:07 - 2012-04-26 19:34 - 00000000 ____D C:\Program Files\CCleaner
2013-12-28 11:00 - 2012-04-01 09:30 - 00000560 _____ C:\Users\Administrator\AppData\Local\Temp\ClamWin4.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-25 11:43




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.56 GB) (Free:205.26 GB) NTFS

Available physical RAM: 1054.67 MB
Total physical RAM: 2036.28 MB
Percentage of memory in use: 48%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 233 GB) (Disk ID: 0BC5A7BD)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-464615954-2510813803-3062766883-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-464615954-2510813803-3062766883-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Administrator\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x1
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x1
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****



==================== End Of Log ==============================

[vyosek]

Zdravim

Mala technicka, jedna se o domaci PC nebo nejake pracovni\firemni??

[jiri.muzikar]

Pracovní i firemní

[vyosek]

A predpokladam, ze jste jeho spravce, ci to mate na starosti, nebo je na to nekdo urcen a ma se starat a bere za to i plat ze...

[jiri.muzikar]

Žádného ajťáka nemáme. Dělám to já víceméně při práci. Většinou vše zvládám - ale tohle se mně nedaří.

[vyosek]

Bohuzel nase pravidla fora hovori jasne. ve firme musi byt nekdo urcen na zpravu PC...my to nebudem delat za nej a dale nebudem riskovat pripadne ztratu dat

6. Fórum viry.cz se nezabývá odvirováním firemních PC - na toto jsou ve firmách placení (a někdy až hodně nadstandardně) IT technici, případně si je firma může najmout. My jsme tu zdarma a ve svém volném čase, nehodláme dělat práci za někoho jiného, kdo si pak jen slízne smetánku a plat. Taktéž ani neposkytujeme poradenství v oblasti zabezpečení firemních sítí či nastavení firemních sítí. Zkrátka a jednoduše, naše fórum poskytuje podporu pouze domácím uživatelům.

Jen tak ale na okraj, psal jste, ze mate detekovat virut

Virut je konkrétním typem viru - tzv. fileinfector.Virut je polymorfní souborový virus,který napadá exe soubory atd, takže je téměř min. šance na vyléčení.Připojuje se k IRC síti.Je možné jej na dálku ovladát.Virut hledá spustitelné soubory exe,src.Spustitelné soubory virut infikuje připojením svého kódu k poslední sekci. Hostitelský soubor modifikuje tak, že před během původního kódu se spusti virus.Dokáže se aktualizovat anebo spustit libovolný soubor.

[jiri.muzikar]

Když má firma 3 lidi, ajťáka si asi dovolit nemůže. Žijte blaze.

[vyosek]

Objednam servis a dam jej do nakladu...

Mejte se