
Computer network is a source of unusual traffic - what to do about it?
Hi, for several days in a row now this message has been appearing while I browse the net: "Our systems have detected that your computer network is a source of unusual traffic." I do work from home over the internet, but I definitely wouldn't say I'm overloading the network in any unusual way, so I assume it could be some kind of malicious junk. I have paid Avast on my laptop, but of course it found nothing. I downloaded AdwCleaner, which found 21 threats, but I don't know which of them I can delete and which I can't. Could someone please advise me? I'm not exactly an IT person. Thanks
- Rudy
- Site Admin
- Posts: 119672
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Computer network is a source of unusual traffic - what to do about it
Greetings!
The problem is that this concerns your computer network. In practice this means that the problem can be caused by any PC connected to this network (it is your internet provider's network). I can clean your PC, but not the others. If you want, post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Computer network is a source of unusual traffic - what to do about it
Sure, I understand. But I would like at least my own PC to be in order, because I really, really need it for my work. I'll take a look at the guide and send the log. Thanks a lot.
Here it is:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Hell (administrator) on HELL-PC (15-12-2016 21:22:42)
Running from C:\Users\Hell\Desktop
Loaded Profiles: Hell (Available Profiles: Hell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINYE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\Hell\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Hell\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
(Facebook) C:\Users\Hell\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTA331.tmp
(The CefSharp Authors) C:\Users\Hell\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF-XChange 6\pdfSaver6.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
() C:\Users\Hell\AppData\Local\Temp\adwcleaner\seznamSoftware.exe
(forum.viry.cz) C:\Users\Hell\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Hell\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Hell\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINYE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-09-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-10-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Hell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-12-02]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Hell\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0CFF688A-C067-47BD-A8F8-6E22D5181848}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D8A213AC-CAC6-4DCA-8942-420C8CBEE361}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2452879547-3120754130-1047977325-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: PDF-XChange V6 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Toolbar: HKLM-x32 - PDF-XChange V6 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
FireFox:
========
FF DefaultProfile: x2xycamr.default
FF ProfilePath: C:\Users\Hell\AppData\Roaming\Mozilla\Firefox\Profiles\x2xycamr.default [2016-12-15]
FF user.js: detected! => C:\Users\Hell\AppData\Roaming\Mozilla\Firefox\Profiles\x2xycamr.default\user.js [2016-06-20]
FF Extension: (Adblock Plus) - C:\Users\Hell\AppData\Roaming\Mozilla\Firefox\Profiles\x2xycamr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2452879547-3120754130-1047977325-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={9BD5FABA-4AB9-443C-A7C6-E11F983D36AF}&mid=081e7f502e1447d0b2f84ef1be8758df-e7eb8ce851c3488f33e9e26cc9339a073105437c&lang=&ds=&pr=&d=&v=15.3.0.11&pid=avg&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/","www.google.com"
CHR Profile: C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Prezentace Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-06]
CHR Extension: (Dokumenty Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-06]
CHR Extension: (Disk Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-06]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-20]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-12-11]
CHR Extension: (YouTube) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-06]
CHR Extension: (Avast SafePrice) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-20]
CHR Extension: (Tabulky Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-08]
CHR Extension: (Avast Online Security) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-12-11]
CHR Extension: (Gmail) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0152301481397399mcinstcleanup; C:\Windows\TEMP\015230~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 21:22 - 2016-12-15 21:23 - 00016649 _____ C:\Users\Hell\Desktop\FRST.txt
2016-12-15 21:21 - 2016-12-15 21:22 - 00000000 ____D C:\FRST
2016-12-15 21:17 - 2016-12-15 21:19 - 00112640 _____ (forum.viry.cz) C:\Users\Hell\Desktop\FRSTLauncher.exe
2016-12-15 21:10 - 2016-12-15 21:10 - 02420224 _____ (Farbar) C:\Users\Hell\Desktop\FRST64.exe
2016-12-14 09:32 - 2016-12-14 09:38 - 00000000 ____D C:\AdwCleaner
2016-12-14 09:22 - 2016-12-14 09:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hell\Downloads\hijackthis.exe
2016-12-14 09:21 - 2016-12-14 09:21 - 12341928 _____ C:\Users\Hell\Downloads\adwcleaner_6.030.exe
2016-12-09 17:50 - 2016-12-09 17:50 - 00015690 _____ C:\Users\Hell\Downloads\VŘ_Jihočeský k..odt
2016-12-09 17:41 - 2016-12-09 17:41 - 00018204 _____ C:\Users\Hell\Downloads\zápis z jednání komise koordinator Zlínský Kraj.odt
2016-12-09 17:41 - 2016-12-09 17:41 - 00018197 _____ C:\Users\Hell\Downloads\zápis z jednání komise_SčK.odt
2016-12-07 23:15 - 2016-12-07 23:18 - 00000000 ____D C:\Users\Hell\Downloads\VŘ
2016-12-07 15:54 - 2016-12-07 15:58 - 733999104 _____ C:\Users\Hell\Downloads\Kristian.avi
2016-12-07 12:23 - 2016-12-07 23:46 - 00000000 ____D C:\Users\Hell\Downloads\hodnocení komise_VŘ koordinátoři
2016-12-06 23:53 - 2016-12-06 23:54 - 00017328 _____ C:\Users\Hell\Desktop\zápis z jednání komise_šablona.odt
2016-11-29 22:30 - 2016-11-29 22:31 - 00021582 _____ C:\Users\Hell\Desktop\hodnocení.odt
2016-11-28 19:00 - 2016-11-28 19:00 - 00044390 _____ C:\Users\Hell\Downloads\Pirati.docx_1479553808110.pdf
2016-11-28 17:51 - 2016-11-28 17:51 - 10445850 _____ C:\Users\Hell\Downloads\Pirati.pdf
2016-11-27 21:21 - 2016-11-27 21:21 - 00116084 _____ C:\Users\Hell\Downloads\Gilmore.Girls.2016.S01E01.Winter.720p.WEBRip.x264-TheRival.srt
2016-11-27 21:21 - 2016-11-27 21:21 - 00000537 _____ C:\Users\Hell\Downloads\[CzT]Gilmore_Girls_A_Year_in_the_Life_S08E01_Winter_CZ_titulky.torrent
2016-11-27 20:34 - 2016-11-27 20:35 - 00000000 ____D C:\Users\Hell\Downloads\Gilmore.Girls.A.Year.In.The.Life.2016.COMPLETE.720p.WEBRip.x264-TheRival
2016-11-27 20:33 - 2016-11-27 20:34 - 00017079 _____ C:\Users\Hell\Downloads\[CzT]Gilmore_Girls_A_Year_in_the_Life_8_serie_WebRip_720p_.torrent
2016-11-23 19:21 - 2016-11-23 19:22 - 00313169 _____ C:\Users\Hell\Downloads\A4_piratsky_koordinator_TISK(1).pdf
2016-11-22 14:21 - 2016-11-22 14:24 - 289103134 _____ C:\Users\Hell\Downloads\takeout-20161122T115543Z.zip
2016-11-21 00:07 - 2016-12-13 16:40 - 00000000 ____D C:\Users\Hell\AppData\LocalLow\Mozilla
2016-11-20 13:17 - 2016-11-20 13:17 - 00313169 _____ C:\Users\Hell\Downloads\A4_piratsky_koordinator_TISK.pdf
2016-11-18 06:48 - 2016-12-07 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-16 00:37 - 2016-11-16 00:50 - 00013428 _____ C:\Users\Hell\Desktop\výkaz hodin_Hradečná_říjen 2016.ods
2016-11-16 00:32 - 2016-11-26 12:28 - 00021187 _____ C:\Users\Hell\Desktop\kraje.ods
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 20:54 - 2016-06-20 11:15 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-15 20:49 - 2016-07-19 12:49 - 00000240 _____ C:\Windows\Tasks\Booking_helper.job
2016-12-15 20:40 - 2016-08-06 14:28 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-15 20:37 - 2016-09-19 19:37 - 00000911 _____ C:\Windows\Tasks\EPSON L365 Series Update {F39DC1E4-4A1A-4CFC-95CB-58F9E0D02534}.job
2016-12-15 15:40 - 2016-08-06 14:28 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-14 22:44 - 2016-08-06 14:29 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 09:33 - 2016-08-10 14:37 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Seznam.cz
2016-12-14 09:22 - 2016-06-18 00:35 - 00000000 ____D C:\Users\Hell\AppData\Local\VirtualStore
2016-12-13 22:54 - 2016-06-20 11:15 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 22:54 - 2016-06-20 11:15 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 22:54 - 2016-06-20 11:15 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 22:54 - 2016-06-20 11:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 22:54 - 2016-06-20 11:15 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-11 20:03 - 2016-06-20 14:53 - 00000000 ____D C:\Users\Hell\AppData\Local\Google
2016-12-10 20:18 - 2016-10-24 20:39 - 00000000 ____D C:\Program Files\TrueKey
2016-12-10 20:17 - 2016-10-24 20:49 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-12-10 20:16 - 2016-08-10 14:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-09 11:11 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-09 11:11 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-08 21:29 - 2016-09-14 08:35 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Mumble
2016-12-07 20:07 - 2016-06-20 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-07 20:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-07 15:58 - 2016-06-21 21:04 - 00000000 ____D C:\Users\Hell\AppData\Roaming\uTorrent
2016-12-04 12:33 - 2016-06-20 11:12 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-02 23:06 - 2016-10-25 16:48 - 00001127 _____ C:\Users\Hell\Desktop\Facebook Gameroom.lnk
2016-12-02 23:06 - 2016-10-25 16:48 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2016-11-30 23:49 - 2016-07-19 12:49 - 00000000 ____D C:\Program Files (x86)\Booking.com
2016-11-28 16:39 - 2016-06-20 15:28 - 00000000 ____D C:\Users\Hell\AppData\Roaming\vlc
2016-11-27 01:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-23 02:17 - 2016-06-18 00:35 - 00000000 ____D C:\Users\Hell
2016-11-22 22:57 - 2016-06-20 15:29 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Skype
2016-11-22 22:54 - 2016-06-20 15:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-22 22:53 - 2016-06-20 15:29 - 00000000 ____D C:\ProgramData\Skype
2016-11-20 23:00 - 2016-09-21 00:12 - 00024702 _____ C:\Users\Hell\Desktop\Piráti.odt
2016-11-16 14:50 - 2016-10-24 20:49 - 00000000 ____D C:\Users\Hell\AppData\Local\tkdata
==================== Files in the root of some directories =======
2016-10-03 15:27 - 2016-10-03 15:27 - 0003349 _____ () C:\Users\Hell\AppData\Local\recently-used.xbel
2016-10-25 18:19 - 2016-10-25 18:19 - 0007618 _____ () C:\Users\Hell\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Booking_helper.job => C:\PROGRA~2\Booking.com\BOOKIN~2.EXE
Task: C:\Windows\Tasks\EPSON L365 Series Update {F39DC1E4-4A1A-4CFC-95CB-58F9E0D02534}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNYE.EXE:/EXE:{F39DC1E4-4A1A-4CFC-95CB-58F9E0D02534} /F:Update
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Hell\Desktop" je 77 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Hell\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Hell\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINYE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-09-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-10-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Hell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-12-02]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Hell\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0CFF688A-C067-47BD-A8F8-6E22D5181848}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D8A213AC-CAC6-4DCA-8942-420C8CBEE361}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2452879547-3120754130-1047977325-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: PDF-XChange V6 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Toolbar: HKLM-x32 - PDF-XChange V6 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
FireFox:
========
FF DefaultProfile: x2xycamr.default
FF ProfilePath: C:\Users\Hell\AppData\Roaming\Mozilla\Firefox\Profiles\x2xycamr.default [2016-12-15]
FF user.js: detected! => C:\Users\Hell\AppData\Roaming\Mozilla\Firefox\Profiles\x2xycamr.default\user.js [2016-06-20]
FF Extension: (Adblock Plus) - C:\Users\Hell\AppData\Roaming\Mozilla\Firefox\Profiles\x2xycamr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2452879547-3120754130-1047977325-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={9BD5FABA-4AB9-443C-A7C6-E11F983D36AF}&mid=081e7f502e1447d0b2f84ef1be8758df-e7eb8ce851c3488f33e9e26cc9339a073105437c&lang=&ds=&pr=&d=&v=15.3.0.11&pid=avg&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/","www.google.com"
CHR Profile: C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Prezentace Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-06]
CHR Extension: (Dokumenty Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-06]
CHR Extension: (Disk Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-06]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-20]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-12-11]
CHR Extension: (YouTube) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-06]
CHR Extension: (Avast SafePrice) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-20]
CHR Extension: (Tabulky Google) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-08]
CHR Extension: (Avast Online Security) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-12-11]
CHR Extension: (Gmail) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0152301481397399mcinstcleanup; C:\Windows\TEMP\015230~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 21:22 - 2016-12-15 21:23 - 00016649 _____ C:\Users\Hell\Desktop\FRST.txt
2016-12-15 21:21 - 2016-12-15 21:22 - 00000000 ____D C:\FRST
2016-12-15 21:17 - 2016-12-15 21:19 - 00112640 _____ (forum.viry.cz) C:\Users\Hell\Desktop\FRSTLauncher.exe
2016-12-15 21:10 - 2016-12-15 21:10 - 02420224 _____ (Farbar) C:\Users\Hell\Desktop\FRST64.exe
2016-12-14 09:32 - 2016-12-14 09:38 - 00000000 ____D C:\AdwCleaner
2016-12-14 09:22 - 2016-12-14 09:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hell\Downloads\hijackthis.exe
2016-12-14 09:21 - 2016-12-14 09:21 - 12341928 _____ C:\Users\Hell\Downloads\adwcleaner_6.030.exe
2016-12-09 17:50 - 2016-12-09 17:50 - 00015690 _____ C:\Users\Hell\Downloads\VŘ_Jihočeský k..odt
2016-12-09 17:41 - 2016-12-09 17:41 - 00018204 _____ C:\Users\Hell\Downloads\zápis z jednání komise koordinator Zlínský Kraj.odt
2016-12-09 17:41 - 2016-12-09 17:41 - 00018197 _____ C:\Users\Hell\Downloads\zápis z jednání komise_SčK.odt
2016-12-07 23:15 - 2016-12-07 23:18 - 00000000 ____D C:\Users\Hell\Downloads\VŘ
2016-12-07 15:54 - 2016-12-07 15:58 - 733999104 _____ C:\Users\Hell\Downloads\Kristian.avi
2016-12-07 12:23 - 2016-12-07 23:46 - 00000000 ____D C:\Users\Hell\Downloads\hodnocení komise_VŘ koordinátoři
2016-12-06 23:53 - 2016-12-06 23:54 - 00017328 _____ C:\Users\Hell\Desktop\zápis z jednání komise_šablona.odt
2016-11-29 22:30 - 2016-11-29 22:31 - 00021582 _____ C:\Users\Hell\Desktop\hodnocení.odt
2016-11-28 19:00 - 2016-11-28 19:00 - 00044390 _____ C:\Users\Hell\Downloads\Pirati.docx_1479553808110.pdf
2016-11-28 17:51 - 2016-11-28 17:51 - 10445850 _____ C:\Users\Hell\Downloads\Pirati.pdf
2016-11-27 21:21 - 2016-11-27 21:21 - 00116084 _____ C:\Users\Hell\Downloads\Gilmore.Girls.2016.S01E01.Winter.720p.WEBRip.x264-TheRival.srt
2016-11-27 21:21 - 2016-11-27 21:21 - 00000537 _____ C:\Users\Hell\Downloads\[CzT]Gilmore_Girls_A_Year_in_the_Life_S08E01_Winter_CZ_titulky.torrent
2016-11-27 20:34 - 2016-11-27 20:35 - 00000000 ____D C:\Users\Hell\Downloads\Gilmore.Girls.A.Year.In.The.Life.2016.COMPLETE.720p.WEBRip.x264-TheRival
2016-11-27 20:33 - 2016-11-27 20:34 - 00017079 _____ C:\Users\Hell\Downloads\[CzT]Gilmore_Girls_A_Year_in_the_Life_8_serie_WebRip_720p_.torrent
2016-11-23 19:21 - 2016-11-23 19:22 - 00313169 _____ C:\Users\Hell\Downloads\A4_piratsky_koordinator_TISK(1).pdf
2016-11-22 14:21 - 2016-11-22 14:24 - 289103134 _____ C:\Users\Hell\Downloads\takeout-20161122T115543Z.zip
2016-11-21 00:07 - 2016-12-13 16:40 - 00000000 ____D C:\Users\Hell\AppData\LocalLow\Mozilla
2016-11-20 13:17 - 2016-11-20 13:17 - 00313169 _____ C:\Users\Hell\Downloads\A4_piratsky_koordinator_TISK.pdf
2016-11-18 06:48 - 2016-12-07 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-16 00:37 - 2016-11-16 00:50 - 00013428 _____ C:\Users\Hell\Desktop\výkaz hodin_Hradečná_říjen 2016.ods
2016-11-16 00:32 - 2016-11-26 12:28 - 00021187 _____ C:\Users\Hell\Desktop\kraje.ods
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 20:54 - 2016-06-20 11:15 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-15 20:49 - 2016-07-19 12:49 - 00000240 _____ C:\Windows\Tasks\Booking_helper.job
2016-12-15 20:40 - 2016-08-06 14:28 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-15 20:37 - 2016-09-19 19:37 - 00000911 _____ C:\Windows\Tasks\EPSON L365 Series Update {F39DC1E4-4A1A-4CFC-95CB-58F9E0D02534}.job
2016-12-15 15:40 - 2016-08-06 14:28 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-14 22:44 - 2016-08-06 14:29 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 09:33 - 2016-08-10 14:37 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Seznam.cz
2016-12-14 09:22 - 2016-06-18 00:35 - 00000000 ____D C:\Users\Hell\AppData\Local\VirtualStore
2016-12-13 22:54 - 2016-06-20 11:15 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 22:54 - 2016-06-20 11:15 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 22:54 - 2016-06-20 11:15 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 22:54 - 2016-06-20 11:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 22:54 - 2016-06-20 11:15 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-11 20:03 - 2016-06-20 14:53 - 00000000 ____D C:\Users\Hell\AppData\Local\Google
2016-12-10 20:18 - 2016-10-24 20:39 - 00000000 ____D C:\Program Files\TrueKey
2016-12-10 20:17 - 2016-10-24 20:49 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-12-10 20:16 - 2016-08-10 14:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-09 11:11 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-09 11:11 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-08 21:29 - 2016-09-14 08:35 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Mumble
2016-12-07 20:07 - 2016-06-20 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-07 20:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-07 15:58 - 2016-06-21 21:04 - 00000000 ____D C:\Users\Hell\AppData\Roaming\uTorrent
2016-12-04 12:33 - 2016-06-20 11:12 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-02 23:06 - 2016-10-25 16:48 - 00001127 _____ C:\Users\Hell\Desktop\Facebook Gameroom.lnk
2016-12-02 23:06 - 2016-10-25 16:48 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2016-11-30 23:49 - 2016-07-19 12:49 - 00000000 ____D C:\Program Files (x86)\Booking.com
2016-11-28 16:39 - 2016-06-20 15:28 - 00000000 ____D C:\Users\Hell\AppData\Roaming\vlc
2016-11-27 01:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-23 02:17 - 2016-06-18 00:35 - 00000000 ____D C:\Users\Hell
2016-11-22 22:57 - 2016-06-20 15:29 - 00000000 ____D C:\Users\Hell\AppData\Roaming\Skype
2016-11-22 22:54 - 2016-06-20 15:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-22 22:53 - 2016-06-20 15:29 - 00000000 ____D C:\ProgramData\Skype
2016-11-20 23:00 - 2016-09-21 00:12 - 00024702 _____ C:\Users\Hell\Desktop\Piráti.odt
2016-11-16 14:50 - 2016-10-24 20:49 - 00000000 ____D C:\Users\Hell\AppData\Local\tkdata
==================== Files in the root of some directories =======
2016-10-03 15:27 - 2016-10-03 15:27 - 0003349 _____ () C:\Users\Hell\AppData\Local\recently-used.xbel
2016-10-25 18:19 - 2016-10-25 18:19 - 0007618 _____ () C:\Users\Hell\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Booking_helper.job => C:\PROGRA~2\Booking.com\BOOKIN~2.EXE
Task: C:\Windows\Tasks\EPSON L365 Series Update {F39DC1E4-4A1A-4CFC-95CB-58F9E0D02534}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNYE.EXE:/EXE:{F39DC1E4-4A1A-4CFC-95CB-58F9E0D02534} /F:Update
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Hell\Desktop" je 77 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Last edited by Larys2008 on 15 Dec 2016 21:32, edited 1 time in total.
- Rudy
- Site Admin
Re: Computer network is the source of unusual traffic - what to do about it
OK.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Computer network is the source of unusual traffic - what to do about it
Log inserted into the edited post above.
- Rudy
- Site Admin
Re: Computer network is the source of unusual traffic - what to do about it
Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Re: Computer network is the source of unusual traffic - what to do about it
# AdwCleaner v6.030 - Log soubor vytvořen 15/12/2016 na 22:59:47
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-12-15.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Hell - HELL-PC
# Beží od : C:\Users\Hell\AppData\Local\Temp\adwcleaner\setup.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\Users\Hell\AppData\Roaming\GoldenGate
[-] Adresář smazán:C:\Users\Hell\AppData\Roaming\Booking_helper
[-] Adresář smazán:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
[#] Adresář nelze smazat:C:\Program Files (x86)\Booking.com
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\Software\GoldenGate
[-] Klíč smazán:HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\Software\PRODUCTSETUP
[-] Klíč smazán:HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\Software\Booking.com
[-] Klíč smazán:HKU\S-1-5-21-2452879547-3120754130-1047977325-1000\Software\csastats
[#] Klíč smazán po restartování:HKCU\Software\GoldenGate
[#] Klíč smazán po restartování:HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartování:HKCU\Software\Booking.com
[#] Klíč smazán po restartování:HKCU\Software\csastats
[#] Klíč smazán po restartování:[x64] HKCU\Software\GoldenGate
[#] Klíč smazán po restartování:[x64] HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartování:[x64] HKCU\Software\Booking.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\csastats
***** [ Prohlížeče ] *****
[-] [C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazání:websearch.ask.com
[-] [C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazání:slunecnice.cz
[-] [C:\Users\Hell\AppData\Local\Google\Chrome\User Data\Default] [homepage] Smazání:hxxp://isearch.avg.com/?cid={9BD5FABA-4AB9-443C-A7C6-E11F983D36AF}&mid=081e7f502e1447d0b2f84ef1be8758df-e7eb8ce851c3488f33e9e26cc9339a073105437c&lang=&ds=&pr=&d=&v=15.3.0.11&pid=avg&sg=0&sap=hp
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2507 Bajtů] - [15/12/2016 22:59:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [2710 Bajtů] - [14/12/2016 09:38:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [2784 Bajtů] - [15/12/2016 22:57:15]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2729 Bajtů] ##########
- Rudy
- Site Admin

Re: The computer network is a source of unusual traffic - what to do about it
Please post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.