Good evening,
after a long time I am doing preventive maintenance on my grandparents' laptop. It was running slowly and runs faster after cleaning, but I noticed one thing in the log that scared me, because it could mean a botnet, namely:
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
So I am attaching the complete FRST log and ask for a full check. I ran AdwCleaner and Malwarebytes well before this (I usually don't keep the logs, so I don't have them), but I know they didn't find much... Thanks in advance!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Uživatel (administrator) on VAIO on 20-12-2014 22:31:25
Running from C:\Users\Uživatel\Desktop
Loaded Profile: Uživatel (Available profiles: Uživatel & Administrátor)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\32788R22FWJFW\cmd.3XE
(NirSoft) C:\32788R22FWJFW\NirCmd.3XE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1670460788-1476655692-3562900708-1003\...\Run: [Sidebar] => %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1670460788-1476655692-3562900708-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-22] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1670460788-1476655692-3562900708-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1670460788-1476655692-3562900708-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{96C92D93-2A36-486A-A6A7-2ABC625902C3}: [NameServer] 156.154.70.22,156.154.71.22
FireFox:
========
FF ProfilePath: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\fovat271.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: HTTPS-Everywhere - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\fovat271.default\Extensions\https-everywhere@eff.org [2014-11-22]
FF Extension: NoScript - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\fovat271.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-22]
FF Extension: Adblock Plus - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\fovat271.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 yksvc; C:\Windows\System32\yk62x64.dll [382976 2009-07-31] (Marvell)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345632 2009-08-04] (Intel Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [25120 2009-05-28] (Sony Corporation)
S3 WinRing0_1_2_0; C:\Users\Uživatel\Desktop\ThrottleStop_600\WinRing0x64.sys [14544 2014-12-20] (OpenLibSys.org)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 22:31 - 2014-12-20 22:31 - 00007595 _____ () C:\Users\Uživatel\Desktop\FRST.txt
2014-12-20 22:31 - 2014-12-20 22:31 - 00000000 ____D () C:\FRST
2014-12-20 22:30 - 2014-12-20 22:30 - 02122240 _____ (Farbar) C:\Users\Uživatel\Desktop\FRST64.exe
2014-12-20 22:04 - 2014-12-20 22:04 - 00000000 ____D () C:\Qoobox
2014-12-20 22:03 - 2014-12-20 22:04 - 00000000 ___SD () C:\32788R22FWJFW
2014-12-20 22:03 - 2014-12-20 22:03 - 00000000 ____D () C:\Windows\erdnt
2014-12-20 21:58 - 2014-12-20 21:59 - 05601641 ____R (Swearware) C:\Users\Uživatel\Desktop\ComboFix.exe
2014-12-20 20:18 - 2014-12-20 20:18 - 17930928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-20 20:08 - 2014-12-20 20:08 - 00124448 _____ () C:\Users\Administrátor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 20:07 - 2014-12-20 20:07 - 00001397 _____ () C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-20 20:07 - 2014-12-20 20:07 - 00000000 ____D () C:\Users\Administrátor\AppData\Local\VirtualStore
2014-12-20 20:04 - 2014-12-20 19:51 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-20 19:52 - 2014-12-20 20:10 - 00007769 _____ () C:\zoek-results.log
2014-12-20 19:51 - 2014-12-20 20:02 - 00000000 ____D () C:\zoek_backup
2014-12-20 19:48 - 2014-12-20 22:16 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 19:48 - 2014-12-20 20:18 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 19:15 - 2014-12-20 19:15 - 01295360 _____ () C:\Users\Uživatel\Downloads\zoek.exe
2014-12-20 19:07 - 2014-12-20 19:07 - 00633831 _____ () C:\Users\Uživatel\Downloads\ThrottleStop_600.zip
2014-12-20 19:07 - 2014-12-20 19:07 - 00000000 ____D () C:\Users\Uživatel\Desktop\ThrottleStop_600
2014-12-20 19:00 - 2014-12-20 19:00 - 00000000 __SHD () C:\Users\Administrátor\AppData\Local\EmieUserList
2014-12-20 19:00 - 2014-12-20 19:00 - 00000000 __SHD () C:\Users\Administrátor\AppData\Local\EmieSiteList
2014-12-20 19:00 - 2014-12-20 19:00 - 00000000 __SHD () C:\Users\Administrátor\AppData\Local\EmieBrowserModeList
2014-12-20 19:00 - 2014-12-20 19:00 - 00000000 ____D () C:\Users\Administrátor\AppData\Roaming\Adobe
2014-12-20 18:43 - 2014-12-20 18:43 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\vlc
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-20 18:38 - 2014-12-20 18:39 - 02166272 _____ () C:\Users\Uživatel\Downloads\adwcleaner_4.105.exe
2014-12-20 18:36 - 2014-12-20 18:37 - 24743106 _____ () C:\Users\Uživatel\Downloads\vlc-2.1.5-win32.exe
2014-12-20 18:35 - 2014-12-20 20:27 - 00000000 ____D () C:\Program Files\trend micro
2014-12-20 18:35 - 2014-12-20 18:35 - 00000000 ____D () C:\rsit
2014-12-19 17:51 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 17:51 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:23 - 2014-12-16 16:23 - 00001874 _____ () C:\Users\Uživatel\Downloads\smime.p7s
2014-12-11 09:39 - 2014-12-11 09:39 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 13:36 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 13:36 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 13:36 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 13:36 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 13:36 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 13:36 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 13:36 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 13:36 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 13:36 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 13:36 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 10:40 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 10:40 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 10:40 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 10:40 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 10:40 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 10:40 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 10:40 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 10:40 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 10:40 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 10:40 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 10:40 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 10:40 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 10:40 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 10:40 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 10:40 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 10:40 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 10:40 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 10:40 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 10:40 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 10:40 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 10:40 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 10:40 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 10:40 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 10:40 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 10:40 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 10:40 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 10:40 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 10:40 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 10:40 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 10:40 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 10:40 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 10:40 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 10:40 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 10:40 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 10:40 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 10:40 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 10:40 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 10:40 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 10:40 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 10:40 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 10:40 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 10:40 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 10:40 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 10:40 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 10:40 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 10:40 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 10:40 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 10:40 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 10:40 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 10:40 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 10:40 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 10:40 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 10:40 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 10:40 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 10:40 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 10:40 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 10:40 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 10:40 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 10:40 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 10:40 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 10:40 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 10:40 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 10:40 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 10:40 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:40 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 10:39 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 10:39 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 10:39 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 10:39 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 10:39 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 10:39 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 10:39 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 10:39 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 10:39 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 10:39 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 10:39 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 10:39 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 10:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 10:39 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-07 17:00 - 2014-12-07 17:00 - 00087242 _____ () C:\Users\Uživatel\Documents\Spolužáci z Pohořelic.ods
2014-11-23 09:42 - 2014-12-20 20:05 - 00001658 _____ () C:\Windows\PFRO.log
2014-11-22 17:04 - 2014-11-22 17:04 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Macromedia
2014-11-22 17:03 - 2014-12-20 20:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-22 17:03 - 2014-12-20 20:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-22 16:49 - 2014-12-20 22:05 - 00002571 _____ () C:\Windows\setupact.log
2014-11-22 16:49 - 2014-11-22 16:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-22 16:35 - 2014-11-22 16:35 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-22 16:35 - 2014-11-22 16:35 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Mozilla
2014-11-22 16:35 - 2014-11-22 16:35 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Mozilla
2014-11-22 16:35 - 2014-11-22 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 16:29 - 2014-12-20 20:07 - 00000000 ____D () C:\Users\Administrátor
2014-11-22 16:29 - 2014-11-22 16:29 - 00000020 ___SH () C:\Users\Administrátor\ntuser.ini
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Šablony
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Soubory cookie
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Poslední
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Okolní tiskárny
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Okolní síť
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Nabídka Start
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Dokumenty
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Documents\Obrázky
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Documents\Hudba
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Documents\Filmy
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\Data aplikací
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-11-22 16:29 - 2014-11-22 16:29 - 00000000 _SHDL () C:\Users\Administrátor\AppData\Local\Data aplikací
2014-11-22 16:29 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-22 16:29 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-22 15:25 - 2014-11-22 15:25 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\LibreOffice
2014-11-22 15:21 - 2014-11-22 15:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-11-22 15:20 - 2014-11-22 15:21 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-11-22 15:05 - 2014-11-22 15:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-22 14:59 - 2014-11-22 14:59 - 00001416 _____ () C:\Users\Uživatel\Documents\cc_20141122_145927.reg
2014-11-22 14:58 - 2014-11-22 14:58 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-11-22 14:57 - 2014-11-22 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-11-22 14:57 - 2014-11-22 14:57 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-11-22 13:01 - 2014-11-22 13:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-22 12:48 - 2014-11-22 12:48 - 00000000 ____D () C:\Windows\ERUNT
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 22:06 - 2009-08-18 03:04 - 00728338 _____ () C:\Windows\system32\perfh005.dat
2014-12-20 22:06 - 2009-08-18 03:04 - 00166540 _____ () C:\Windows\system32\perfc005.dat
2014-12-20 22:06 - 2009-07-14 06:13 - 01749746 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 20:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-20 20:17 - 2013-12-21 20:38 - 02030810 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 20:17 - 2009-07-14 05:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 20:17 - 2009-07-14 05:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 20:16 - 2012-11-08 23:40 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\VirtualStore
2014-12-20 20:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 20:05 - 2009-08-18 04:11 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-20 20:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-20 19:48 - 2013-09-21 13:17 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Adobe
2014-12-20 19:43 - 2014-03-08 18:41 - 00000000 ____D () C:\inetpub
2014-12-20 19:03 - 2012-11-09 08:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-20 19:02 - 2009-08-18 17:22 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-12-20 18:59 - 2012-11-09 07:45 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-12-20 18:59 - 2009-08-18 17:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-11 09:39 - 2014-05-06 14:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 09:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 13:40 - 2013-09-21 19:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 13:37 - 2013-09-21 19:04 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-23 09:43 - 2009-07-14 05:45 - 00473336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-22 15:32 - 2013-12-21 20:37 - 00124448 _____ () C:\Users\Uživatel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-22 15:26 - 2014-02-03 21:50 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Foxit Software
2014-11-20 17:45 - 2009-07-14 06:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-16 22:26
==================== End Of Log ============================

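Added example, not from the post, the forum or the FRST tool: a small Python triage script that applies the checks a log reviewer runs first to lines of the kind shown above. The O15 lines quoted at the top of the post use HijackThis numbering (RSIT wraps HijackThis; note the C:\rsit and C:\Program Files\trend micro folders in the log), so the script accepts those alongside FRST lines. SAMPLE_LOG is a constructed excerpt assembled from lines in this thread; the rule names, suggested actions and the triage()/summarize() functions are this example's own and not part of any tool.

```python
"""Reviewer heuristics for FRST / HijackThis-style log lines.

Added example; not part of the forum post or of the FRST tool. It flags the
entry types a log reviewer looks at first. SAMPLE_LOG is a constructed excerpt
assembled from lines quoted in this thread; rule names, actions and the
triage()/summarize() functions are this example's own.
"""
import re
from collections import Counter

# Constructed sample: the O15 lines quoted in the post (HijackThis/RSIT style)
# followed by FRST lines copied from the log above.
SAMPLE_LOG = r"""
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
==================== Internet (Whitelisted) ====================
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Tcpip\..\Interfaces\{96C92D93-2A36-486A-A6A7-2ABC625902C3}: [NameServer] 156.154.70.22,156.154.71.22
==================== Drivers (Whitelisted) ====================
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345632 2009-08-04] (Intel Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\Uživatel\Desktop\ThrottleStop_600\WinRing0x64.sys [14544 2014-12-20] (OpenLibSys.org)
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
"""

# (rule name, suggested action, pattern). Applied with re.search, so only the
# rules that need them carry explicit ^ / $ anchors.
RULES = [
    # HijackThis "O15": host added to the IE Trusted sites zone (ESC = the
    # Enhanced Security Configuration zone map). Trusted hosts get relaxed
    # ActiveX/scripting policy, so every entry needs a known origin.
    ("trusted-zone", "verify origin",
     re.compile(r"^O15 - (?:ESC )?Trusted Zone: (?P<what>\S+)")),
    # FRST driver/service line (R=running, S=stopped) whose image carries no
    # Authenticode signature.
    ("unsigned-driver", "check hash/vendor",
     re.compile(r"^[RSU]\d (?P<what>[^;]+);.*\[File not signed\]$")),
    # Kernel driver image loaded from a user-writable profile directory.
    ("driver-in-userdir", "check hash/vendor",
     re.compile(r"^[RSU]\d [^;]+; (?P<what>C:\\Users\\[^\[]+)", re.IGNORECASE)),
    # Run/RunOnce entry whose publisher field after the [size date] stamp is
    # empty: "()" means the binary has no company name in its version info.
    ("unsigned-autorun", "check hash/vendor",
     re.compile(r"\\Run(?:Once)?: \[(?P<what>[^\]]+)\] => .*\[\d+ \d{4}-\d{2}-\d{2}\] \(\)$")),
    # Registry reference to a file that no longer exists ("[X]" / "No File"):
    # usually uninstall leftovers, but also what a half-removed infection
    # looks like. FRST can remove them through a fixlist.
    ("missing-file", "clean up",
     re.compile(r"(?P<what>\S+)\s*(?:\[X\]|-> No File)$")),
    # Statically configured DNS servers on an adapter. Not malicious as such,
    # but DNS hijacking is a classic redirect vector: confirm the owner set them.
    ("static-dns", "verify origin",
     re.compile(r"\[NameServer\] (?P<what>[\d.,]+)")),
]

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")


def triage(log_text):
    """Return one finding per (line, rule) match, tagged with its log section."""
    findings = []
    section = "preamble"          # lines before the first FRST section header
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").replace(" (Whitelisted)", "")
            continue
        for name, action, pattern in RULES:
            m = pattern.search(line)
            if m:
                findings.append({"section": section, "rule": name,
                                 "action": action,
                                 "detail": m.group("what").strip(),
                                 "line": line})
    return findings


def summarize(findings):
    """Count findings per rule; an empty dict is what a 'clean' log yields."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']:18}] {f['section']:9} {f['action']:18} {f['detail']}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script only sorts entries into what to verify, check or clean up; it does not decide that anything is malicious. A Trusted Zone entry for a domain used by software the owner installed is ordinary, while one nobody can account for is worth checking directly in the ZoneMap keys under `HKLM` and `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap`. A driver loaded from a profile directory (here WinRing0x64.sys next to the ThrottleStop download on the Desktop) should be matched to the program that dropped it, and the `[X]` / `No File` entries are the leftovers an FRST fixlist exists to remove.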
Trusted zone - please check the log
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
Re: Trusted zone - please check the log
Hello
Regarding the ComboFix you used: based on its licence and the forum rules, I have to ask whether you know how to work with it (running it, deciphering its log, writing a script).
The ComboFix licence terms are clear: "It should never be used in an environment without the supervision of an experienced person."

Dangers of CF
You would find its log at c:\combofix.txt

- It is intended primarily for helpers; by using it on your own you lose your claim to support
- It wipes traces of malware, so nothing is visible in the RSIT log
- Its log has to be worked through, since it cannot delete everything; that is hard to manage if you are not trained for it
- CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is dead and a reinstall awaits you
- CF also, unfortunately, does not yet check some important libraries (e.g. hal.dll); some types of malware (e.g. Angela) wipe those, so after a restart your hal.dll is gone = your system won't boot and you are back at the line above = reinstall

Re: Trusted zone - please check the log
Thanks for the quick reply. I don't really understand it; so far I have only launched ComboFix and I am at the warning, and I thought I'd rather ask here first.
Do I understand correctly that I should not run it?


Re: Trusted zone - please check the log

Re: Trusted zone - please check the log
Okay, and is the log otherwise clean? No sign of shady activity? Thank you.
Re: Trusted zone - please check the log
Since it has already been run through zoek, and that can cover up any traces, it is hard to judge, but the log looks clean...
Re: Trusted zone - please check the log
Hm, unfortunately, I didn't yet know I would find this; I guess I'll always do a series of logs first and only then start cleaning, let that be a lesson.
So I'll probably search manually... Thank you for the help, resolved for me.