PC disinfection, computer speed-up and remote assistance via the neslape.cz service

Please check my log, the PC is probably infected.

matushsk (Visitor; Posts: 27; Registered: 18 Jul 2013 07:44)

Please check my log, the PC is probably infected.

#1 Post by matushsk

Hello, please check this log; it looks like the PC is infected.

Logfile of random's system information tool 1.10 (written by random/random)
Run by lifestudio at 2014-11-06 09:12:45
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 211 GB (70%) free of 300 GB
Total RAM: 3327 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:13:23, on 6. 11. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\KONICA MINOLTA\magicolor 1680MF\LinkMagic for magicolor 1680MF\lmmc1680.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\RSIT.exe
C:\Program Files\trend micro\lifestudio.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\AVG\AVG2015\avgcomdlgx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\lifestudio\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\LIFEST~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NokiaInternetModem_AppStart.exe] "C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LinkMagic for magicolor 1680MF] C:\Program Files\KONICA MINOLTA\magicolor 1680MF\LinkMagic for magicolor 1680MF\lmmc1680.exe -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Microsoft.vbs] "C:\Users\LIFEST~1\AppData\Local\Temp\Microsoft.vbs"
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher (User 'Default user')
O4 - Startup: Microsoft.vbs
O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFB0FE3-8E3A-46A8-B7D5-288790AD4714}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FFB0FE3-8E3A-46A8-B7D5-288790AD4714}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FFB0FE3-8E3A-46A8-B7D5-288790AD4714}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Update neurowise - Unknown owner - C:\Program Files\neurowise\updateneurowise.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

--
End of file - 8103 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default

prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9, @themediafinder.com:1.0.1, gencrawler@some.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\extensions\
kjdinh@euai-.co.uk

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
Plugin for Media Finder - C:\Users\lifestudio\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll [2011-12-07 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]
Help the General-Search Project - C:\Users\LIFEST~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL [2011-12-07 428544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]
"NokiaInternetModem_AppStart.exe"=C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe [2011-12-02 142464]
"WD Drive Unlocker"=C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [2012-06-13 1688008]
"WD Quick View"=C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [2012-06-14 5235128]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 350072]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"AVG_UI"=C:\Program Files\AVG\AVG2015\avgui.exe [2014-10-16 3649040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"LinkMagic for magicolor 1680MF"=C:\Program Files\KONICA MINOLTA\magicolor 1680MF\LinkMagic for magicolor 1680MF\lmmc1680.exe [2008-08-26 5005312]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Microsoft.vbs"=C:\Users\LIFEST~1\AppData\Local\Temp\Microsoft.vbs []
"EEDSpeedLauncher"=C:\Windows\system32\eed_ec.dll [2014-01-23 2260992]

C:\Users\lifestudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft.vbs
MyPC Backup.lnk - C:\Program Files\MyPC Backup\MyPC Backup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.tscc"=tsccvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-06 09:12:46 ----D---- C:\Program Files\trend micro
2014-11-06 09:12:45 ----D---- C:\rsit
2014-11-06 09:11:51 ----A---- C:\RSIT.exe
2014-11-06 09:02:56 ----D---- C:\Users\lifestudio\AppData\Roaming\AVG2015
2014-11-06 09:02:19 ----D---- C:\Users\lifestudio\AppData\Roaming\TuneUp Software
2014-11-06 09:01:52 ----HD---- C:\$AVG
2014-11-06 09:01:52 ----D---- C:\ProgramData\AVG2015
2014-11-06 09:01:33 ----D---- C:\Program Files\AVG
2014-11-06 08:59:28 ----HD---- C:\ProgramData\Common Files
2014-11-06 08:59:28 ----D---- C:\ProgramData\MFAData
2014-11-06 08:58:57 ----A---- C:\avg_free_stb_eu_2015_5315.exe
2014-11-04 12:15:32 ----D---- C:\Program Files\MyPC Backup
2014-10-16 11:58:38 ----D---- C:\Program Files\Mozilla Firefox
2014-10-16 10:58:50 ----A---- C:\Windows\system32\win32k.sys
2014-10-16 10:58:44 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 10:58:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 10:58:43 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-16 10:58:43 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-16 10:58:42 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 10:58:42 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 10:58:42 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-16 10:58:42 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-16 10:58:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 10:58:42 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-16 10:58:41 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 10:58:41 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 10:58:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-16 10:58:40 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 10:58:40 ----A---- C:\Windows\system32\ieui.dll
2014-10-16 10:58:39 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 10:58:39 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 10:58:38 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-16 10:58:38 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 10:58:36 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 10:58:35 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 10:58:35 ----A---- C:\Windows\system32\iernonce.dll
2014-10-16 10:58:35 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 10:58:34 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 10:58:33 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 10:58:33 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 10:58:32 ----A---- C:\Windows\system32\msrating.dll
2014-10-16 10:58:32 ----A---- C:\Windows\system32\iesetup.dll
2014-10-16 10:58:31 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 10:57:50 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 10:57:50 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 10:57:50 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 10:57:43 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 10:57:42 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 10:57:41 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 10:57:41 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 10:57:41 ----A---- C:\Windows\system32\termsrv.dll
2014-10-16 10:57:41 ----A---- C:\Windows\system32\rdpcorets.dll
2014-10-16 10:57:41 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 10:57:41 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 10:57:40 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-16 10:57:40 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 10:57:40 ----A---- C:\Windows\system32\credssp.dll
2014-10-16 10:57:40 ----A---- C:\Windows\system32\aaclient.dll
2014-10-16 10:57:27 ----A---- C:\Windows\system32\msi.dll
2014-10-16 10:57:24 ----A---- C:\Windows\system32\packager.dll
2014-10-10 15:13:58 ----A---- C:\Windows\system32\drivers\avgtdix.sys
2014-10-07 21:39:28 ----A---- C:\Windows\system32\drivers\avgidsdriverx.sys

======List of files/folders modified in the last 1 month======

2014-11-06 09:13:00 ----D---- C:\Windows\Prefetch
2014-11-06 09:12:46 ----RD---- C:\Program Files
2014-11-06 09:12:24 ----D---- C:\Windows\Temp
2014-11-06 09:10:07 ----D---- C:\Windows\system32\drivers
2014-11-06 09:08:25 ----D---- C:\Windows\system32\config
2014-11-06 09:05:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-11-06 09:02:48 ----SHD---- C:\Windows\Installer
2014-11-06 09:01:52 ----HD---- C:\ProgramData
2014-11-06 09:01:39 ----SHD---- C:\System Volume Information
2014-11-06 09:01:23 ----D---- C:\Windows\System32
2014-11-06 08:58:01 ----D---- C:\Windows\system32\DriverStore
2014-11-06 08:58:01 ----D---- C:\Windows\system32\catroot
2014-11-06 08:58:01 ----D---- C:\Windows\inf
2014-11-06 08:34:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-05 11:16:48 ----D---- C:\Program Files\Internet Explorer
2014-11-05 11:16:03 ----D---- C:\Program Files\DynamicPhotoHDR5
2014-11-05 11:14:36 ----D---- C:\Dg Foto Art Gold
2014-11-05 08:38:09 ----AD---- C:\Windows
2014-11-04 12:35:16 ----D---- C:\Users\lifestudio\AppData\Roaming\Media Player Classic
2014-11-04 12:24:07 ----D---- C:\Zmluvy-nevymazovať
2014-11-04 12:15:55 ----D---- C:\Windows\system32\Tasks
2014-10-28 06:35:00 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-18 11:09:51 ----D---- C:\Windows\rescache
2014-10-17 16:14:33 ----D---- C:\Windows\Microsoft.NET
2014-10-17 16:14:10 ----RSD---- C:\Windows\assembly
2014-10-17 15:42:19 ----D---- C:\Windows\winsxs
2014-10-17 15:40:08 ----D---- C:\Windows\system32\en-US
2014-10-17 15:40:07 ----D---- C:\Windows\system32\sk-SK
2014-10-17 14:16:36 ----D---- C:\TEMP
2014-10-17 10:46:51 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-10-16 10:57:14 ----D---- C:\Windows\system32\catroot2
2014-10-13 14:39:37 ----D---- C:\stiahnute subory
2014-10-13 11:01:06 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2014-10-05 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-07 213272]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-05-04 6656]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-04-10 5120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 108560]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-07-13 47104]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 nokia_usb_modem_cdc_acm;Nokia USB Modem CDC-ACM driver; C:\Windows\system32\DRIVERS\nokia_usb_modem_cdc_acm.sys [2011-06-22 67968]
R3 nokia_usb_modem_cdc_ecm;nokia_usb_modem_cdc_ecm; C:\Windows\system32\DRIVERS\nokia_usb_modem_cdc_ecm.sys [2011-06-22 52224]
R3 nokia_usb_modem_ecm_enum;Nokia USB Modem DC Enumerator; C:\Windows\system32\DRIVERS\nokia_usb_modem_ecm_enum.sys [2011-06-22 47488]
R3 nokia_usb_modem_ecm_enum_filter;nokia_usb_modem_ecm_enum_filter; C:\Windows\system32\DRIVERS\nokia_usb_modem_ecm_enum_filter.sys [2011-06-22 47488]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2010-11-02 10368]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
R4 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R4 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 nokia_usb_modem_cpo;Nokia USB Modem Mass Storage Device; C:\Windows\system32\DRIVERS\nokia_usb_modem_cpo.sys [2011-06-22 9984]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2012-06-13 11520]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 176128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [2014-10-16 3487248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [2014-10-16 298080]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WDBackup;WD Backup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
R2 WDDriveService;WD Drive Manager; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-13 248248]
R2 WDRulesService;WD Rules; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 Update neurowise;Update neurowise; C:\Program Files\neurowise\updateneurowise.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-11-02 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-16 114288]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-03 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

JaRon (Moderator; Posts: 15729; Registered: 29 Mar 2005 13:39; Location: BB-SK)

Re: Please check my log, the PC is probably infected.

#2 Post by JaRon

Move ComboFix to the desktop (if it is not there already).

Open Notepad.

Copy the script from the following box into it:

Code:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft.vbs"=-

Driver::
Update neurowise

Folder::
C:\Program Files\neurowise

Save the text file you created as CFScript.txt on the desktop.

Once it is saved, grab the script with the left mouse button, drag it over the ComboFix icon and drop it there.

After it runs, another log should be produced; post it here :)
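As an added example for this thread, not a tool either poster used and not code from the forum or from ComboFix: a Python 3.8+ helper that applies the checks a reviewer makes on the RSIT/HijackThis log in the first post (autoruns launched from Temp or AppData\Roaming, script files in Run keys or the Startup folder, browser helper objects loaded from the user profile, services whose binary is missing or that record no owner) and then drafts the three CFScript sections the reply above uses. The sample lines are excerpted from the log in post #1; the heuristics, the Finding type and the function names are assumptions of this example. Only Registry::, Driver:: and Folder:: entries are written, so Startup-folder and BHO findings are reported but left for the reviewer to handle by hand, and a Folder:: line is only emitted for a dedicated product folder directly under Program Files, never for a system directory. Read the draft before dropping it on ComboFix; a Folder:: line deletes that directory.

```python
"""Triage a HijackThis/RSIT log and draft a ComboFix CFScript (added example)."""
import ntpath
import re
from dataclasses import dataclass

# Lines excerpted from the HijackThis section of the RSIT log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\lifestudio\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Microsoft.vbs] "C:\Users\LIFEST~1\AppData\Local\Temp\Microsoft.vbs"
O4 - Startup: Microsoft.vbs
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Update neurowise - Unknown owner - C:\Program Files\neurowise\updateneurowise.exe (file missing)
""".strip().splitlines()

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
# User-writable scratch locations: nothing legitimate should autostart from here.
SCRATCH_DIR = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\", re.IGNORECASE)
# A script file handed to the script host instead of an executable.
SCRIPT_FILE = re.compile(r'\.(vbs|vbe|js|jse|wsf|bat|cmd|ps1)("|\s|$)', re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)(?:\\[\w.-]+)?\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str       # "bho", "run", "startup" or "service"
    name: str       # BHO name, Run value name, Startup item or service name
    path: str       # command line or binary path as logged
    reason: str
    hive: str = ""  # full registry key for "run" findings, empty otherwise


def triage(lines):
    """Return the log entries a reviewer would act on, each with its reason."""
    findings = []
    for line in (raw.strip() for raw in lines):
        if m := O2_RE.match(line):
            if SCRATCH_DIR.search(m["path"]):
                findings.append(Finding("bho", m["name"], m["path"],
                                        "BHO loaded from the user profile instead of Program Files"))
        elif m := O4_RE.match(line):
            reasons = []
            if SCRATCH_DIR.search(m["cmd"]):
                reasons.append("autorun target in a user-writable scratch directory")
            if SCRIPT_FILE.search(m["cmd"]):
                reasons.append("autorun hands a script to the script host")
            if reasons:
                root = HIVES.get(m["hive"])
                key = f"{root}\\Software\\Microsoft\\Windows\\CurrentVersion\\{m['key']}" if root else ""
                findings.append(Finding("run", m["name"], m["cmd"], "; ".join(reasons), key))
        elif m := STARTUP_RE.match(line):
            if SCRIPT_FILE.search(m["name"]):
                findings.append(Finding("startup", m["name"], m["name"], "script in the Startup folder"))
        elif m := O23_RE.match(line):
            reasons = []
            if "(file missing)" in m["path"]:
                reasons.append("service binary missing on disk")
            if m["vendor"] == "Unknown owner":
                reasons.append("no vendor recorded")
            if reasons:
                findings.append(Finding("service", m["short"] or m["display"],
                                        m["path"].replace(" (file missing)", ""), "; ".join(reasons)))
    return findings


def product_folder(binary_path):
    """A dedicated product folder directly under Program Files, or None (never a system dir)."""
    folder = ntpath.dirname(binary_path)
    parent = ntpath.dirname(folder).lower()
    return folder if parent.endswith(("\\program files", "\\program files (x86)")) else None


def render_cfscript(findings):
    """Draft the CFScript sections used in the reply: Registry::, Driver::, Folder::."""
    registry, drivers, folders = {}, [], []
    for f in findings:
        if f.kind == "run" and f.hive:
            registry.setdefault(f.hive, []).append(f.name)
        elif f.kind == "service":
            drivers.append(f.name)
            if folder := product_folder(f.path):
                folders.append(folder)
    out = []
    if registry:
        out.append("Registry::")
        for key, names in registry.items():
            out.append(f"[{key}]")
            out.extend(f'"{name}"=-' for name in names)  # "=-" deletes the value
        out.append("")
    if drivers:
        out += ["Driver::", *drivers, ""]
    if folders:
        out += ["Folder::", *folders, ""]
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)), end="")
```

Run on the excerpt, the draft comes out identical to the script in the reply: the Microsoft.vbs value under HKCU\...\Run, the Update neurowise service, and C:\Program Files\neurowise. The IEWebHook BHO and the Startup-folder copy of Microsoft.vbs are listed by triage() but deliberately not scripted.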

matushsk (Visitor; Posts: 27; Registered: 18 Jul 2013 07:44)

Re: Please check my log, the PC is probably infected.

#3 Post by matushsk

Sorry for the delay; here is the log.

ComboFix 14-11-15.01 - lifestudio . 11. 2014 15:17:34.2.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1051.18.3327.2124 [GMT 1:00]
Running from: c:\users\lifestudio\Desktop\ComboFix.exe
Command switches used :: c:\users\lifestudio\Desktop\CFScript.txt
AV: AVG Internet Security 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2015 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\background.html
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\content.js
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\koZS.js
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\lsdb.js
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\manifest.json
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\xs7.js
c:\users\lifestudio\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\zi1dfHI3b.js
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\background.html
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\content.js
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\koZS.js
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\lsdb.js
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\manifest.json
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\xs7.js
c:\users\lifestudio\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\zi1dfHI3b.js
c:\users\lifestudio\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\background.html
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\content.js
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\koZS.js
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\lsdb.js
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\manifest.json
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\xs7.js
c:\users\lifestudio\AppData\Local\Chromatic Browser\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\zi1dfHI3b.js
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\background.html
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\content.js
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\koZS.js
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\lsdb.js
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\manifest.json
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\xs7.js
c:\users\lifestudio\AppData\Local\Torch\User Data\Default\Extensions\knpjdcdifppjfbdjbdkcejjogfeollcl\3.9\zi1dfHI3b.js
c:\users\lifestudio\AppData\Roaming\Media Finder\Extensions\IEPLugin32.dll
c:\users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\extensions\kjdinh@euai-.co.uk
c:\users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\extensions\kjdinh@euai-.co.uk\bootstrap.js
c:\users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\extensions\kjdinh@euai-.co.uk\content\bg.js
c:\users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\extensions\kjdinh@euai-.co.uk\content\wuP5mP7Nk.js
c:\users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\extensions\kjdinh@euai-.co.uk\chrome.manifest
c:\users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\extensions\kjdinh@euai-.co.uk\install.rdf
c:\windows\security\Database\tmp.edb
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2014-10-17 to 2014-11-17 )))))))))))))))))))))))))))))))
.
.
2014-11-17 14:25 . 2014-11-17 14:25 -------- d-----w- c:\users\FS\AppData\Local\temp
2014-11-17 14:25 . 2014-11-17 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-17 14:21 . 2014-11-17 14:21 -------- d-sh--w- c:\users\lifestudio\AppData\Local\EmieBrowserModeList
2014-11-14 13:36 . 2014-11-14 13:36 -------- d-----w- c:\users\lifestudio\AppData\Roaming\YCanPDF
2014-11-14 09:36 . 2014-11-14 09:36 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2014-11-06 08:20 . 2014-11-06 08:21 -------- d-----w- c:\program files\Google
2014-11-06 08:12 . 2014-11-06 08:13 -------- d-----w- c:\program files\trend micro
2014-11-06 08:12 . 2014-11-06 08:13 -------- d-----w- C:\rsit
2014-11-06 08:02 . 2014-11-06 08:02 -------- d-----w- c:\users\lifestudio\AppData\Roaming\AVG2015
2014-11-06 08:02 . 2014-11-06 08:02 -------- d-----w- c:\users\lifestudio\AppData\Roaming\TuneUp Software
2014-11-06 08:01 . 2014-11-06 08:09 -------- d-----w- c:\programdata\AVG2015
2014-11-06 08:01 . 2014-11-06 08:01 -------- d-----w- C:\$AVG
2014-11-06 08:01 . 2014-11-06 08:01 -------- d-----w- c:\program files\AVG
2014-11-06 07:59 . 2014-11-17 14:06 -------- d-----w- c:\programdata\MFAData
2014-11-06 07:59 . 2014-11-06 08:06 -------- d-----w- c:\users\lifestudio\AppData\Local\Avg2015
2014-11-06 07:59 . 2014-11-06 07:59 -------- d--h--w- c:\programdata\Common Files
2014-11-06 07:59 . 2014-11-06 07:59 -------- d-----w- c:\users\lifestudio\AppData\Local\MFAData
2014-11-06 07:35 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29B978FA-FAC9-48E3-8134-A656360B6C41}\mpengine.dll
2014-10-29 20:34 . 2014-10-29 20:34 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 16:40 . 2013-01-18 14:01 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-13 16:40 . 2013-01-18 14:01 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-28 05:35 . 2010-11-02 15:49 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 14:13 . 2014-10-10 14:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-05 20:42 . 2014-10-05 20:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-09-25 01:40 . 2014-10-03 14:20 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-09-24 11:24 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-16 09:58 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-28 20:43 . 2014-08-28 20:43 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-08-23 01:46 . 2014-08-28 14:01 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"LinkMagic for magicolor 1680MF"="c:\program files\KONICA MINOLTA\magicolor 1680MF\LinkMagic for magicolor 1680MF\lmmc1680.exe" [2008-08-26 5005312]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"EEDSpeedLauncher"="c:\windows\system32\eed_ec.dll" [2014-01-23 2260992]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-29 4826904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"NokiaInternetModem_AppStart.exe"="c:\program files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2011-12-02 142464]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 350072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EEDSpeedLauncher"="c:\windows\system32\eed_ec.dll" [2014-01-23 2260992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 nokia_usb_modem_cpo;Nokia USB Modem Mass Storage Device;c:\windows\system32\DRIVERS\nokia_usb_modem_cpo.sys [2011-06-22 9984]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-03 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2012-06-13 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-29 213784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2015\avgfws.exe [2014-11-09 1486664]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2013-04-10 5120]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-13 248248]
S2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
S3 nokia_usb_modem_cdc_acm;Nokia USB Modem CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_usb_modem_cdc_acm.sys [2011-06-22 67968]
S3 nokia_usb_modem_cdc_ecm;nokia_usb_modem_cdc_ecm;c:\windows\system32\DRIVERS\nokia_usb_modem_cdc_ecm.sys [2011-06-22 52224]
S3 nokia_usb_modem_ecm_enum;Nokia USB Modem DC Enumerator;c:\windows\system32\DRIVERS\nokia_usb_modem_ecm_enum.sys [2011-06-22 47488]
S3 nokia_usb_modem_ecm_enum_filter;nokia_usb_modem_ecm_enum_filter;c:\windows\system32\DRIVERS\nokia_usb_modem_ecm_enum_filter.sys [2011-06-22 47488]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-06 08:21 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 16:40]
.
2014-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-06 08:20]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-06 08:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: Interfaces\{4FFB0FE3-8E3A-46A8-B7D5-288790AD4714}: NameServer = 160.218.161.60 194.228.211.33
FF - ProfilePath - c:\users\lifestudio\AppData\Roaming\Mozilla\Firefox\Profiles\bnc822r2.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - fc0d653d00000000000020cf301d633c
FF - user.js: extensions.BabylonToolbar_i.hardId - fc0d653d00000000000020cf301d633c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15329
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\lifestudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-17 15:30:51
ComboFix-quarantined-files.txt 2014-11-17 14:30
.
Pre-Run: 217 869 795 328 bytes free
Post-Run: 217 490 202 624 bytes free
.
- - End Of File - - 0D6DE7EB67C8682BB86E2C031F04F946
A36C5E4F47E84449FF07ED3517B43A31

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check the log, the PC is probably infected.

#4 Post by JaRon »

Now clean the PC with ADWCleaner and write back whether it is any better :???:
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
