log check
Posted: 22 Sep 2017 13:17
by marian34
My firewall is acting up. I fixed it via sharedaccess.reg, but after a restart it happens again. I've turned the firewall off.
Still, something in the PC keeps dragging.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:14:49, on 22.9.2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe
D:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
D:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
C:\totalcmd\TOTALCMD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EaseUS EPM Tray Agent] "D:\Program Files\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - D:\Documents and Settings\matko\Data aplikací\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - D:\Documents and Settings\matko\Data aplikací\ICQM\icq.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A3CD2D8-BF04-45E1-8D05-67B5DB099266}: NameServer = 8.8.8.8,8.8.4.4
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - D:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - D:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - D:\Program Files\WinPcap\rpcapd.exe
Re: log check
Posted: 22 Sep 2017 15:29
by Rudy
Hello!
Post an FRST log:
https://forum.viry.cz/viewtopic.php?f=13&t=152707 . HijackThis has long been past its prime.
Re: log check
Posted: 22 Sep 2017 15:49
by marian34
OK, thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-09-2017
Ran by matko (administrator) on KUBKO (22-09-2017 16:45:55)
Running from D:\Documents and Settings\matko\Plocha
Loaded Profiles: matko (Available Profiles: matko & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) D:\WINDOWS\system32\rundll32.exe
() D:\Program Files\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
() D:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Software 2000 Limited) D:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) D:\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [EaseUS EPM Tray Agent] => D:\Program Files\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe [256144 2017-09-13] ()
HKU\S-1-5-21-839522115-746137067-2147011267-1004\...\MountPoints2: {5e124f26-030e-11e6-9a0b-001fd092a56c} - G:\LG_PC_Programs.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{5A3CD2D8-BF04-45E1-8D05-67B5DB099266}: [NameServer] 8.8.8.8,8.8.4.4
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-839522115-746137067-2147011267-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
HKU\S-1-5-21-839522115-746137067-2147011267-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-839522115-746137067-2147011267-1004 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-839522115-746137067-2147011267-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\System32\browseui.dll [2008-04-14] (Společnost Microsoft)
FireFox:
========
FF ProfilePath: D:\Documents and Settings\matko\Data aplikací\Mozilla\Firefox\Profiles\ljh5l6fv.default-1489234005718 [2017-09-22]
FF NetworkProxy: D:\Documents and Settings\matko\Data aplikací\Mozilla\Firefox\Profiles\ljh5l6fv.default-1489234005718 -> socks", "127.0.0.1"
FF NetworkProxy: D:\Documents and Settings\matko\Data aplikací\Mozilla\Firefox\Profiles\ljh5l6fv.default-1489234005718 -> socks_port", 9870
FF NetworkProxy: D:\Documents and Settings\matko\Data aplikací\Mozilla\Firefox\Profiles\ljh5l6fv.default-1489234005718 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-25] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-839522115-746137067-2147011267-1004: @acestream.net/acestreamplugin,version=3.1.0-b3 -> D:\Documents and Settings\matko\Data aplikací\ACEStream\player\npace_plugin.dll [2014-12-12] (Innovative Digital Technologies)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; D:\WINDOWS\System32\6to4svc.dll [100352 2008-04-14] (Microsoft Corporation)
R2 EaseUS Agent; D:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [40080 2017-08-30] (CHENGDU YIWO Tech Development Co., Ltd)
S3 idsvc; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; D:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [32736 2017-06-20] (The OpenVPN Project) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; D:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2014-10-24] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AndnetBus; D:\WINDOWS\System32\DRIVERS\lgandnetbus.sys [24576 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; D:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [25088 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; D:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [30208 2015-05-12] (LG Electronics Inc.)
S3 AR9271; D:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2013-06-29] (Atheros Communications, Inc.)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 epmntdrv; D:\WINDOWS\system32\epmntdrv.sys [20472 2016-01-14] ()
R0 EUBAKUP; D:\WINDOWS\System32\drivers\eubakup.sys [57080 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; D:\WINDOWS\System32\drivers\EUBKMON.sys [45816 2016-12-06] ()
R1 EUDSKACS; D:\WINDOWS\system32\drivers\eudskacs.sys [19960 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; D:\WINDOWS\system32\drivers\EuFdDisk.sys [193784 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; D:\WINDOWS\system32\EuGdiDrv.sys [10208 2016-07-11] ()
R2 Ext2Fsd; D:\WINDOWS\system32\Drivers\Ext2Fsd.sys [688920 2014-08-26] (www.ext2fsd.com)
R3 FTDIBUS; D:\WINDOWS\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R2 giveio; D:\Sat\PIC\icprog.sys [5248 2017-01-21] () [File not signed]
S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; D:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; D:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RT73; D:\WINDOWS\System32\DRIVERS\rt73.sys [255232 2006-03-08] (Ralink Technology, Corp.)
R3 tap0901; D:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R1 Tcpip6; D:\WINDOWS\System32\DRIVERS\tcpip6.sys [225664 2008-04-14] (Microsoft Corporation)
R2 thdudf; D:\WINDOWS\System32\DRIVERS\thdudf.sys [66944 2013-11-04] (TOSHIBA Corporation) [File not signed]
S3 TTUSB2BDA; D:\WINDOWS\System32\DRIVERS\ttusb2bda.sys [581888 2012-05-24] (TechnoTrend Goerler GmbH)
S3 UDST7000BDA; D:\WINDOWS\System32\Drivers\UDST7000BDA.sys [433168 2009-07-20] (TechniSat Digital S.A.)
S3 UDST7000HID; D:\WINDOWS\System32\drivers\UDST7000HID.sys [23568 2009-07-20] (TechniSat Digital S.A.)
S4 IntelIde; no ImagePath
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-22 16:45 - 2017-09-22 16:46 - 000009875 _____ D:\Documents and Settings\matko\Plocha\FRST.txt
2017-09-22 16:45 - 2017-09-22 16:45 - 001796096 _____ (Farbar) D:\Documents and Settings\matko\Plocha\FRST.exe
2017-09-22 16:45 - 2017-09-22 16:45 - 000000000 ____D D:\FRST
2017-09-22 16:41 - 2017-09-22 16:41 - 000112640 _____ (forum.viry.cz) D:\FRSTLauncher.exe
2017-09-22 15:26 - 2017-09-22 15:30 - 000000028 _____ D:\WINDOWS\OutLog.txt
2017-09-22 14:06 - 2017-09-22 14:05 - 000388608 _____ (Trend Micro Inc.) D:\Program Files\hijackthis.exe
2017-09-22 11:06 - 2017-09-22 13:16 - 000001320 _____ D:\WINDOWS\SchedLgU.Txt
2017-09-21 21:11 - 2017-09-21 21:24 - 000000000 ____D D:\Documents and Settings\matko\Data aplikací\microMon
2017-09-21 21:11 - 2017-09-21 21:11 - 000000661 _____ D:\Documents and Settings\All Users\Nabídka Start\Programy\microMon.lnk
2017-09-21 21:11 - 2017-09-21 21:11 - 000000000 ____D D:\Program Files\microMon
2017-09-21 12:55 - 2017-09-21 12:55 - 000000000 ____D D:\Documents and Settings\All Users\Nabídka Start\Programy\EaseUS Todo Backup 10.6
2017-09-21 12:55 - 2017-09-21 12:55 - 000000000 ____D D:\Documents and Settings\All Users\Data aplikací\SystemAcCrux
2017-09-21 12:55 - 2016-12-06 02:45 - 000193784 _____ (CHENGDU YIWO Tech Development Co., Ltd) D:\WINDOWS\system32\Drivers\EuFdDisk.sys
2017-09-21 12:55 - 2016-12-06 02:45 - 000057080 _____ (CHENGDU YIWO Tech Development Co., Ltd) D:\WINDOWS\system32\Drivers\eubakup.sys
2017-09-21 12:55 - 2016-12-06 02:45 - 000045816 _____ D:\WINDOWS\system32\Drivers\EUBKMON.sys
2017-09-21 12:55 - 2016-12-06 02:45 - 000019960 _____ (CHENGDU YIWO Tech Development Co., Ltd) D:\WINDOWS\system32\Drivers\eudskacs.sys
2017-09-21 12:54 - 2016-12-06 02:46 - 000021696 _____ (CHENGDU YIWO Tech Development Co., Ltd) D:\WINDOWS\system32\fbnative.exe
2017-09-21 12:53 - 2017-09-21 12:54 - 000000000 ____D D:\Program Files\EaseUS
2017-09-21 12:53 - 2017-09-21 12:53 - 000000000 ____D D:\Documents and Settings\All Users\Nabídka Start\Programy\EaseUS Partition Master 12.5
2017-09-21 12:53 - 2017-09-13 11:10 - 003037328 _____ D:\WINDOWS\system32\BootMan.exe
2017-09-21 12:53 - 2016-07-11 10:01 - 000088160 _____ D:\WINDOWS\system32\setupempdrv03.exe
2017-09-21 12:53 - 2016-07-11 10:01 - 000010208 _____ D:\WINDOWS\system32\EuGdiDrv.sys
2017-09-21 12:53 - 2016-07-08 15:28 - 000248832 _____ D:\WINDOWS\system32\epmntdrv.pdb
2017-09-21 12:53 - 2016-01-14 10:05 - 000020472 _____ D:\WINDOWS\system32\epmntdrv.sys
2017-09-21 12:53 - 2014-11-18 14:46 - 000021088 _____ D:\WINDOWS\system32\EuEpmGdi.dll
2017-09-21 10:34 - 2017-09-21 11:28 - 000000000 ____D D:\Program Files\PowerArchiver
2017-09-21 10:34 - 2017-09-21 10:34 - 000001657 _____ D:\Documents and Settings\matko\Nabídka Start\PowerArchiver 2017.lnk
2017-09-21 10:34 - 2017-09-21 10:34 - 000000000 ____D D:\Documents and Settings\All Users\Nabídka Start\Programy\PowerArchiver 2017
2017-09-18 11:21 - 2017-09-18 11:21 - 000000000 ____D D:\Program Files\BEL
2017-09-18 11:17 - 2017-09-18 11:17 - 000000000 ___RD D:\Documents and Settings\matko\Dokumenty\Obrázky
2017-09-18 11:17 - 2017-09-18 11:17 - 000000000 ____D D:\Documents and Settings\matko\Dokumenty\ZOC7 Files
2017-09-18 11:17 - 2017-09-18 11:17 - 000000000 ____D D:\Documents and Settings\matko\Data aplikací\EmTec
2017-09-12 11:46 - 2017-09-12 11:46 - 000000000 ____D D:\Documents and Settings\matko\Data aplikací\HandBrake
2017-09-12 11:38 - 2017-09-12 11:38 - 000000000 ____D D:\Documents and Settings\matko\Data aplikací\Digiarty
2017-09-06 17:23 - 2017-09-22 14:52 - 000001394 _____ D:\Documents and Settings\matko\advanced_ip_scanner_MAC.bin
2017-09-04 15:10 - 2017-09-04 15:11 - 000000000 ____D D:\Program Files\TAP-Windows
2017-09-04 15:10 - 2017-09-04 15:11 - 000000000 ____D D:\Program Files\OpenVPN
2017-09-04 15:10 - 2017-09-04 15:11 - 000000000 ____D D:\Documents and Settings\All Users\Nabídka Start\Programy\OpenVPN
2017-09-04 15:10 - 2017-09-04 15:10 - 000000000 ____D D:\Documents and Settings\All Users\Nabídka Start\Programy\TAP-Windows
2017-08-26 14:26 - 2017-08-26 14:26 - 000000000 ____D D:\Documents and Settings\matko\.OneStep
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-22 16:46 - 2014-10-24 19:49 - 000000000 ____D D:\Documents and Settings\matko\Local Settings\Temp
2017-09-22 16:45 - 2014-10-24 19:49 - 000000000 ___HD D:\Documents and Settings\matko\Local Settings\Data aplikací
2017-09-22 16:45 - 2014-10-24 19:49 - 000000000 ____D D:\Documents and Settings\matko\Plocha
2017-09-22 16:43 - 2014-10-24 21:39 - 000004046 _____ D:\WINDOWS\WINCMD.INI
2017-09-22 14:56 - 2014-10-25 00:25 - 000009036 _____ D:\WINDOWS\system32\nvAppTimestamps
2017-09-22 14:04 - 2014-10-24 19:45 - 000000006 ____H D:\WINDOWS\Tasks\SA.DAT
2017-09-22 13:16 - 2014-10-24 19:49 - 000000272 ___SH D:\Documents and Settings\matko\ntuser.ini
2017-09-22 13:07 - 2014-10-24 19:49 - 000000000 ___RD D:\Documents and Settings\matko\Nabídka Start\Programy
2017-09-22 12:29 - 2014-10-24 19:49 - 000000000 ____D D:\Documents and Settings\matko
2017-09-22 11:59 - 2014-10-26 15:09 - 000001172 _____ D:\WINDOWS\wcx_ftp.ini
2017-09-22 11:36 - 2014-10-27 18:53 - 000000000 ____D D:\Sat
2017-09-22 11:00 - 2014-10-24 21:32 - 000000000 ____D D:\WINDOWS\security
2017-09-22 10:52 - 2017-03-12 21:00 - 000000000 ____D D:\Program Files\Mozilla Firefox
2017-09-22 10:42 - 2003-04-16 14:00 - 000002422 _____ D:\WINDOWS\system32\wpa.dbl
2017-09-21 23:00 - 2014-10-25 00:32 - 000000000 ____D D:\Documents and Settings\matko\Data aplikací\vlc
2017-09-21 21:11 - 2014-10-24 21:38 - 000000000 ___RD D:\Documents and Settings\All Users\Nabídka Start\Programy
2017-09-21 21:11 - 2014-10-24 19:49 - 000000000 __RHD D:\Documents and Settings\matko\Data aplikací
2017-09-21 15:02 - 2014-11-21 13:34 - 000000600 _____ D:\Documents and Settings\matko\Local Settings\Data aplikací\PUTTY.RND
2017-09-21 15:02 - 2014-10-24 21:38 - 000000000 ____D D:\Documents and Settings\All Users\Plocha
2017-09-21 14:59 - 2016-04-08 13:40 - 000000600 _____ D:\Documents and Settings\matko\Data aplikací\winscp.rnd
2017-09-21 12:55 - 2014-10-24 21:38 - 000000000 __RHD D:\Documents and Settings\All Users\Data aplikací
2017-09-21 11:46 - 2017-07-23 07:34 - 000000000 ____D D:\Program Files\Mozilla Thunderbird
2017-09-21 10:34 - 2014-10-24 22:20 - 000043728 _____ D:\Documents and Settings\matko\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-09-21 10:34 - 2014-10-24 19:49 - 000000000 ___RD D:\Documents and Settings\matko\Nabídka Start
2017-09-21 09:54 - 2017-06-24 20:10 - 000000000 ____D D:\Iva
2017-09-19 07:39 - 2014-10-24 21:37 - 000198552 _____ D:\WINDOWS\system32\FNTCACHE.DAT
2017-09-18 11:17 - 2014-10-24 19:49 - 000000000 ___RD D:\Documents and Settings\matko\Dokumenty
2017-09-17 19:24 - 2015-05-30 17:34 - 000000000 ____D D:\Documents and Settings\matko\Data aplikací\.ACEStream
2017-09-12 11:52 - 2014-10-25 00:34 - 000361986 _____ D:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-839522115-746137067-2147011267-1004-0.dat
2017-09-12 11:52 - 2014-10-25 00:34 - 000194178 _____ D:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-09-09 09:36 - 2014-10-26 14:11 - 000000000 ____D D:\Program Files\DVBViewer
2017-09-05 15:43 - 2014-10-24 21:32 - 000000000 ___HD D:\WINDOWS\inf
2017-09-05 09:23 - 2017-01-08 19:08 - 000000000 ____D D:\Documents and Settings\matko\Data aplikací\NVIDIA
==================== Files in the root of some directories =======
2017-09-22 14:06 - 2017-09-22 14:05 - 000388608 _____ (Trend Micro Inc.) D:\Program Files\hijackthis.exe
2017-09-22 14:14 - 2017-09-22 14:14 - 000004244 _____ () D:\Program Files\hijackthis.log
2016-04-08 13:40 - 2017-09-21 14:59 - 000000600 _____ () D:\Documents and Settings\matko\Data aplikací\winscp.rnd
2017-07-17 11:15 - 2017-07-17 11:15 - 000003584 _____ () D:\Documents and Settings\matko\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-21 13:34 - 2017-09-21 15:02 - 000000600 _____ () D:\Documents and Settings\matko\Local Settings\Data aplikací\PUTTY.RND
2015-12-19 16:47 - 2015-12-19 16:47 - 000005088 _____ () D:\Documents and Settings\All Users\Data aplikací\mxnhytee.feu
Some files in TEMP:
====================
2014-11-08 10:33 - 2015-06-21 19:56 - 000610816 _____ () D:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
2014-11-08 10:47 - 2014-10-17 13:39 - 000665682 _____ (SQLite Development Team) D:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\dnsapi.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:97.65 GB) (Free:50.93 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:49.33 GB) (Free:35.35 GB) NTFS
Drive e: (FAT32) (Fixed) (Total:137.55 GB) (Free:122.99 GB) FAT32
Available physical RAM: 2502.8 MB
Total physical RAM: 3326.42 MB
Percentage of memory in use: 24%
==================== MBR and Partition Table ==================
2017-09-21 12:54 - 2016-12-06 02:43 - 000195776 _____ () D:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D7A0D79)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137.6 GB) - (Type=0C)
Partition 4: (Not Active) - (Size=181.2 GB) - (Type=05)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "D:\Documents and Settings\matko\Plocha" je 1 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\915adadfa5a9dad14c1243dd9082365d
"D:\Documents and Settings\matko\Local Settings\Temp\winlogen.exe" .. [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceStream
D:\Documents and Settings\matko\Data aplikací\ACEStream\engine\ace_engine.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceWebExtensionUpdater
D:\Documents and Settings\matko\Data aplikací\AceWebExtension\updater\ace_web_extension.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE
D:\WINDOWS\System32\CTFMON.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"D:\Documents and Settings\matko\Data aplikací\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"D:\Documents and Settings\matko\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
D:\Documents and Settings\matko\Data aplikací\ICQM\icq.exe -CU [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
%systemroot%\system32\dumprep 0 -k [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend
"D:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
D:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL
"D:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
Režim ECHO je vypnut.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk
D:\PROGRA~1\RALINK\Common\RaUI.exe -s [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^matko^Nabídka Start^Programy^Po spuštění^915adadfa5a9dad14c1243dd9082365d.exe
D:\Documents and Settings\matko\Nabídka Start\Programy\Po spuštění\915adadfa5a9dad14c1243dd9082365d.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================
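A small reviewer's aid, added here as an example and not part of this thread nor of FRST or FRSTLauncher: it parses the "Firewall rules" and "System Restore" sections in the format the supplementary scan above uses (a constructed excerpt modelled on those lines is embedded) and reports the two settings a log reader should pick out, the firewall switched off for StandardProfile (EnableFirewall 0x0) and System Restore disabled (DisableSR=1). The regexes only cover the two value styles visible in the scan; that is an assumption about the launcher's output, not a documented format.

```python
"""Parse the 'Firewall rules' and 'System Restore' sections of an FRSTLauncher
supplementary scan and flag the settings worth raising in a log review."""
import re

# Constructed sample that mirrors the lines in the thread's supplementary scan.
SAMPLE_LOG = r"""***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================
"""

SECTION_RE = re.compile(r"^\*{5}\s*(.+?)\s*\*{5}$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# 'Name REG_DWORD 0x0' style, as seen in the firewall dump (assumed format)
DWORD_SPACE_RE = re.compile(r"^(\S+)\s+REG_DWORD\s+0x([0-9A-Fa-f]+)$")
# '"Name"=dword:00000001' style, i.e. .reg export syntax (assumed format)
DWORD_REG_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]+)$')
PROFILES = ("domainprofile", "standardprofile")


def parse_supplementary(text):
    """Return {'firewall': {profile: True|False|None}, 'system_restore_disabled': bool|None}.

    None for a firewall profile means the dump listed the profile key without an
    explicit EnableFirewall value, so the default applies.
    """
    result = {"firewall": {}, "system_restore_disabled": None}
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            leaf = key.rsplit("\\", 1)[-1]
            if section == "Firewall rules" and leaf.lower() in PROFILES:
                result["firewall"].setdefault(leaf, None)
            continue
        if key is None:
            continue
        leaf = key.rsplit("\\", 1)[-1]
        if section == "Firewall rules" and leaf.lower() in PROFILES:
            m = DWORD_SPACE_RE.match(line)
            if m and m.group(1).lower() == "enablefirewall":
                result["firewall"][leaf] = int(m.group(2), 16) != 0
        elif section == "System Restore" and leaf == "SystemRestore":
            m = DWORD_REG_RE.match(line)
            if m and m.group(1) == "DisableSR":
                result["system_restore_disabled"] = int(m.group(2), 16) != 0
    return result


def findings(parsed):
    """Human-readable list of the settings a reviewer should raise."""
    out = []
    for profile, enabled in sorted(parsed["firewall"].items()):
        if enabled is False:
            out.append(f"Windows Firewall is disabled for {profile} (EnableFirewall = 0x0)")
    if parsed["system_restore_disabled"]:
        out.append("System Restore is disabled (DisableSR = 1)")
    return out


if __name__ == "__main__":
    for item in findings(parse_supplementary(SAMPLE_LOG)):
        print(item)
```

Feed it the text of a real supplementary scan instead of SAMPLE_LOG to get the same two-line summary; a profile that appears in the dump without an EnableFirewall value is reported as None rather than guessed.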
Re: log check
Posted: 22 Sep 2017 16:42
by Rudy
Now run this utility:
Re: log check
Posted: 22 Sep 2017 17:09
by marian34
I already ran that one earlier; now it doesn't find any threats.
Re: log check
Posted: 22 Sep 2017 17:21
by Rudy
OK. Open Notepad and copy this into it:
Start
HKU\S-1-5-21-839522115-746137067-2147011267-1004\...\MountPoints2: {5e124f26-030e-11e6-9a0b-001fd092a56c} - G:\LG_PC_Programs.exe
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 IntelIde; no ImagePath
D:\Documents and Settings\matko\Local Settings\Temp
D:\Documents and Settings\Administrator\Local Settings\Temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.
Re: log check
Posted: 22 Sep 2017 17:29
by marian34
Fix result of Farbar Recovery Scan Tool (x86) Version: 20-09-2017
Ran by matko (22-09-2017 18:24:33) Run:1
Running from D:\Documents and Settings\matko\Plocha
Loaded Profiles: matko (Available Profiles: matko & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-839522115-746137067-2147011267-1004\...\MountPoints2: {5e124f26-030e-11e6-9a0b-001fd092a56c} - G:\LG_PC_Programs.exe
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 IntelIde; no ImagePath
D:\Documents and Settings\matko\Local Settings\Temp
D:\Documents and Settings\Administrator\Local Settings\Temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
EmptyTemp:
End
*****************
HKU\S-1-5-21-839522115-746137067-2147011267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e124f26-030e-11e6-9a0b-001fd092a56c} => key removed successfully.
HKLM\Software\Classes\CLSID\{5e124f26-030e-11e6-9a0b-001fd092a56c} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
"D:\Documents and Settings\matko\Local Settings\Temp" folder move:
Could not move "D:\Documents and Settings\matko\Local Settings\Temp" => Scheduled to move on reboot.
D:\Documents and Settings\Administrator\Local Settings\Temp => moved successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck => Error: No automatic fix found for this entry.
=========== EmptyTemp: ==========
BITS transfer queue => 4096 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 10067 B
Java, Flash, Steam htmlcache => 26 B
Windows/system/dllcache/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 83460613 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 115316 B
LocalService => 628 B
NetworkService => 628 B
matko => 656019 B
Administrator => 115064 B
RecycleBin => 0 B
EmptyTemp: => 80.5 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-09-2017 18:27:26)
D:\Documents and Settings\matko\Local Settings\Temp => moved successfully
==== End of Fixlog 18:27:26 ====
Re: log check
Posted: 22 Sep 2017 18:06
by Rudy
Deleted. Has anything changed?
Re: log check
Posted: 22 Sep 2017 18:24
by marian34
Yep, it looks OK. I also uninstalled some EasyUS that I had used to format something.
The firewall no longer crashes and startup is as quick as before.
Thanks a lot.
Re: log check
Posted: 22 Sep 2017 18:59
by Rudy
You're welcome!
