HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:40, on 15.4.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16636)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\OSCAR Editor X7\OscarEditor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Maty\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Maty\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Maty\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-21-841204282-3179981326-29079518-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor X7\OscarEditor.exe" Minimum (User '?')
O4 - HKUS\S-1-5-21-841204282-3179981326-29079518-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-841204282-3179981326-29079518-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Spotify Web Helper] "C:\Users\Maty\AppData\Roaming\Spotify\SpotifyWebHelper.exe" (User '?')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
--
End of file - 5382 bytes
MbAM log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 15.4.2015
Čas skenování: 22:23:32
Protokol: mbam.txt
Správce: Ano
Verze: 2.01.4.1018
Databáze malwaru: v2015.04.15.08
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: Maty
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 295932
Uplynulý čas: 9 min, 13 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Request for a preventive log check [Solved]
- jaro3
- Security team member
Re: Request for a preventive log check
Download ATF Cleaner
Double-click ATF Cleaner.exe, click "Select all found", then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After the cleanup, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan" ("Prohledat-Scan").
After the scan a log appears (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan" ("Prohledat").
- The program scans the PC's processes. After the scan, click "Report" ("Zpráva") and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Request for a preventive log check
AdwCleaner log:
# AdwCleaner v4.201 - Log vytvořen 16/04/2015 v 20:57:27
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-15.1 [Server]
# Operační system : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Uživatelské jméno : Maty - MATY-PC
# Spuštěno z : C:\Users\Maty\Downloads\adwcleaner_4.201.exe
# Nastavení : Sken
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
-\\ Internet Explorer v9.0.8112.16636
-\\ Google Chrome v42.0.2311.90
*************************
AdwCleaner[R0].txt - [630 bytů] - [16/04/2015 20:57:27]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [687 bytů] ##########
Re: Request for a preventive log check
RogueKiller log:
RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Maty [Práva správce]
Started from : C:\Users\Maty\Downloads\RogueKiller.exe
Mód : Prohledat -- Datum : 04/16/2015 21:10:18
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2638EB51-29A1-4AF2-995D-F44D9748314E} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2638EB51-29A1-4AF2-995D-F44D9748314E} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\atikmdag.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000VX000-1CU162 ATA Device +++++
--- User ---
[MBR] bc1f70ca82fe41af5e18ad0668339552
[BSP] 4a7660a9d6aeed8370c112f687a8da93 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
============================================
RKreport_SCN_07202014_204557.log - RKreport_SCN_07212014_124355.log - RKreport_DEL_07212014_124653.log - RKreport_SCN_09252014_220703.log
RKreport_SCN_09262014_115219.log - RKreport_DEL_09262014_115339.log - RKreport_SCN_11112014_204418.log - RKreport_SCN_11142014_140509.log
RKreport_SCN_11152014_151120.log - RKreport_DEL_11152014_151244.log - RKreport_SCN_01192015_150035.log - RKreport_SCN_01202015_011358.log
RKreport_DEL_01202015_011439.log - RKreport_SCN_02072015_124428.log - RKreport_SCN_02092015_113148.log - RKreport_DEL_02092015_113833.log
RKreport_SCN_03102015_014553.log - RKreport_SCN_03102015_163631.log - RKreport_DEL_03102015_163704.log
- jerabina
- Security team member
Re: Request for a preventive log check
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan" ("Prohledat"); after it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.), tick everything (put check marks)
(you must use the mouse to put a check mark in the box to the left of the registry entry, etc.)
- Click "Delete" ("Smazat")
- Wait until the Status box shows "Deletion finished" ("Mazání dokončeno")
- Click "Report" ("Zpráva") and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
===================================================
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.
===================================================
Run the check in Malwarebytes' Anti-Malware again and paste the log here, please.
When you don't know how to go on, it's time to study the manual!
HJT guide
If I do not reply to your topics in the HJT section while I am online, it is only because I am on my phone, where studying logs and writing scripts is impossible. So please do not take it as ignoring you.
Re: Request for a preventive log check
RogueKiller log after deletion:
RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Maty [Práva správce]
Started from : C:\Users\Maty\Downloads\RogueKiller.exe
Mód : Smazat -- Datum : 04/16/2015 21:47:36
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2638EB51-29A1-4AF2-995D-F44D9748314E} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2638EB51-29A1-4AF2-995D-F44D9748314E} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> Smazáno
¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\atikmdag.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000VX000-1CU162 ATA Device +++++
--- User ---
[MBR] bc1f70ca82fe41af5e18ad0668339552
[BSP] 4a7660a9d6aeed8370c112f687a8da93 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
============================================
RKreport_SCN_07202014_204557.log - RKreport_SCN_07212014_124355.log - RKreport_DEL_07212014_124653.log - RKreport_SCN_09252014_220703.log
RKreport_SCN_09262014_115219.log - RKreport_DEL_09262014_115339.log - RKreport_SCN_11112014_204418.log - RKreport_SCN_11142014_140509.log
RKreport_SCN_11152014_151120.log - RKreport_DEL_11152014_151244.log - RKreport_SCN_01192015_150035.log - RKreport_SCN_01202015_011358.log
RKreport_DEL_01202015_011439.log - RKreport_SCN_02072015_124428.log - RKreport_SCN_02092015_113148.log - RKreport_DEL_02092015_113833.log
RKreport_SCN_03102015_014553.log - RKreport_SCN_03102015_163631.log - RKreport_DEL_03102015_163704.log - RKreport_SCN_04162015_211018.log
RKreport_SCN_04162015_214052.log
RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Maty [Práva správce]
Started from : C:\Users\Maty\Downloads\RogueKiller.exe
Mód : Smazat -- Datum : 04/16/2015 21:47:36
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2638EB51-29A1-4AF2-995D-F44D9748314E} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2638EB51-29A1-4AF2-995D-F44D9748314E} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-841204282-3179981326-29079518-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> Smazáno
¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\atikmdag.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000VX000-1CU162 ATA Device +++++
--- User ---
[MBR] bc1f70ca82fe41af5e18ad0668339552
[BSP] 4a7660a9d6aeed8370c112f687a8da93 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
============================================
RKreport_SCN_07202014_204557.log - RKreport_SCN_07212014_124355.log - RKreport_DEL_07212014_124653.log - RKreport_SCN_09252014_220703.log
RKreport_SCN_09262014_115219.log - RKreport_DEL_09262014_115339.log - RKreport_SCN_11112014_204418.log - RKreport_SCN_11142014_140509.log
RKreport_SCN_11152014_151120.log - RKreport_DEL_11152014_151244.log - RKreport_SCN_01192015_150035.log - RKreport_SCN_01202015_011358.log
RKreport_DEL_01202015_011439.log - RKreport_SCN_02072015_124428.log - RKreport_SCN_02092015_113148.log - RKreport_DEL_02092015_113833.log
RKreport_SCN_03102015_014553.log - RKreport_SCN_03102015_163631.log - RKreport_DEL_03102015_163704.log - RKreport_SCN_04162015_211018.log
RKreport_SCN_04162015_214052.log
Re: Request for a preventive log check
Please download FRST: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Save it to the Desktop, run it as Administrator, accept the license and click the Scan button. Leave everything at the default settings; do not tick anything.
When the scan finishes, two logs will pop up; please copy both of them here.
Re: Request for a preventive log check
Log 1:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by Maty (administrator) on MATY-PC on 16-04-2015 22:40:10
Running from C:\Users\Maty\Downloads
Loaded Profiles: Maty (Available profiles: Maty)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\OSCAR Editor X7\OscarEditor.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\Maty\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
() C:\Windows\System32\PnkBstrA.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11483752 2011-11-18] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-13] (Avast Software s.r.o.)
HKU\S-1-5-21-841204282-3179981326-29079518-1000\...\Run: [OscarEditor] => C:\Program Files\OSCAR Editor X7\OscarEditor.exe [3340288 2012-03-20] ()
HKU\S-1-5-21-841204282-3179981326-29079518-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-841204282-3179981326-29079518-1000\...\Run: [Spotify Web Helper] => C:\Users\Maty\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-02] (Spotify Ltd)
HKU\S-1-5-21-841204282-3179981326-29079518-1000\...\MountPoints2: {1177b9dd-302a-11e4-9cc4-50e549154c09} - I:\Startme.exe
HKU\S-1-5-21-841204282-3179981326-29079518-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-841204282-3179981326-29079518-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-13] (Avast Software s.r.o.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-24]
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-26]
CHR Extension: (Google Docs) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (YouTube) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google Search) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Google Sheets) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-26]
CHR Extension: (AdBlock) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-11]
CHR Extension: (Bookmark Manager) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Avast Online Security) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-20]
CHR Extension: (Google Wallet) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\Maty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-22] (Avast Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2014-06-28] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-13] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-13] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [97296 2010-11-17] (Advanced Micro Devices)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-08-30] (Sony Mobile Communications)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [84080 2011-08-11] (Atheros Communications, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-22] (Avast Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-16 22:40 - 2015-04-16 22:40 - 00012206 _____ () C:\Users\Maty\Downloads\FRST.txt
2015-04-16 22:40 - 2015-04-16 22:40 - 00000000 ____D () C:\FRST
2015-04-16 22:38 - 2015-04-16 22:38 - 01137152 _____ (Farbar) C:\Users\Maty\Downloads\FRST.exe
2015-04-16 21:04 - 2015-04-16 21:04 - 16866392 _____ () C:\Users\Maty\Downloads\RogueKiller.exe
2015-04-16 20:57 - 2015-04-16 20:58 - 00000000 ____D () C:\AdwCleaner
2015-04-16 20:56 - 2015-04-16 20:56 - 02217984 _____ () C:\Users\Maty\Downloads\adwcleaner_4.201.exe
2015-04-16 20:51 - 2015-04-16 20:51 - 00448512 _____ (OldTimer Tools) C:\Users\Maty\Downloads\TFC.exe
2015-04-15 22:26 - 2015-04-15 22:26 - 00005383 _____ () C:\Users\Maty\Documents\hijackthis.log
2015-04-15 22:24 - 2015-04-15 22:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Maty\Downloads\HijackThis.exe
2015-04-15 14:53 - 2015-04-16 20:30 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-15 14:53 - 2014-11-14 21:47 - 00011839 _____ () C:\Users\Maty\Documents\config.cfg
2015-04-15 14:53 - 2014-08-01 11:58 - 00001781 _____ () C:\Users\Maty\Documents\autoexec.cfg
2015-04-15 14:51 - 2015-04-15 14:51 - 00005151 _____ () C:\Users\Maty\Downloads\file_169914933144432_4661_0.rar
2015-04-15 13:59 - 2015-04-15 13:59 - 00000215 _____ () C:\Users\Maty\Desktop\Sniper Elite V2.url
2015-04-15 13:57 - 2015-04-15 13:57 - 00000213 _____ () C:\Users\Maty\Desktop\Counter-Strike Global Offensive.url
2015-04-15 13:49 - 2015-04-16 22:32 - 00000000 ____D () C:\Program Files\Steam
2015-04-15 13:49 - 2015-04-15 13:49 - 00000720 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-15 13:49 - 2015-04-15 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-15 13:15 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 13:08 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 13:07 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 13:07 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 13:07 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 13:07 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 13:07 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 13:00 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 13:00 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 13:00 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 13:00 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 13:00 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 13:00 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 13:00 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 13:00 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 13:00 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 13:00 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 22:48 - 2015-04-14 22:48 - 00000000 ____D () C:\Users\Maty\AppData\Local\openvr
2015-04-13 14:11 - 2015-04-16 20:30 - 00002330 _____ () C:\Windows\PFRO.log
2015-04-13 14:09 - 2015-04-13 14:09 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-13 14:09 - 2015-04-13 14:09 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-02 22:39 - 2015-04-02 22:39 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\WinRAR
2015-03-22 16:28 - 2015-03-22 16:29 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-17 16:32 - 2015-03-17 16:32 - 00000000 ____D () C:\Users\Maty\AppData\Local\Microsoft Games
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-16 22:13 - 2006-11-02 12:33 - 01531410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 22:09 - 2006-11-02 14:49 - 01929313 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 22:05 - 2015-02-11 17:51 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 22:05 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 22:05 - 2006-11-02 14:45 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 22:05 - 2006-11-02 14:45 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 22:00 - 2006-11-02 14:58 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-16 21:57 - 2014-05-18 01:52 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\vlc
2015-04-16 21:56 - 2015-02-11 17:51 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-16 21:35 - 2014-07-20 20:40 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-15 23:58 - 2015-01-12 14:19 - 00000000 ____D () C:\Users\Maty\AppData\Local\Spotify
2015-04-15 23:53 - 2015-01-12 14:19 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\Spotify
2015-04-15 19:09 - 2015-01-13 00:49 - 00000000 ____D () C:\Users\Maty\AppData\Local\Battle.net
2015-04-15 19:08 - 2014-09-22 14:09 - 00000000 ____D () C:\Program Files\Hearthstone
2015-04-15 15:58 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 14:57 - 2014-04-24 19:22 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-04-15 14:02 - 2014-04-24 20:48 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-15 13:15 - 2014-04-24 20:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 13:08 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-15 01:26 - 2015-02-11 17:52 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-14 15:45 - 2014-04-24 19:19 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\TS3Client
2015-04-13 20:04 - 2015-03-15 18:56 - 00000000 ____D () C:\Users\Maty\AppData\Local\CrashDumps
2015-04-13 14:09 - 2014-04-24 19:12 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-07 19:54 - 2014-09-22 14:07 - 00000000 ____D () C:\Program Files\Battle.net
2015-04-02 16:10 - 2015-01-12 14:19 - 00001706 _____ () C:\Users\Maty\Desktop\Spotify.lnk
2015-04-02 16:10 - 2015-01-12 14:19 - 00001692 _____ () C:\Users\Maty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-27 20:19 - 2014-08-03 23:45 - 00000000 ____D () C:\Users\Maty\Desktop\Films
2015-03-20 14:10 - 2014-05-18 01:51 - 00000819 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-18 00:39 - 2014-09-10 23:34 - 00000223 _____ () C:\Users\Maty\Desktop\vtip.txt
==================== Files in the root of some directories =======
2014-04-25 20:07 - 2014-11-05 01:19 - 0005632 _____ () C:\Users\Maty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Maty\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-16 22:12
==================== End Of Log ============================
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-22] (Avast Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2014-06-28] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-13] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-13] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [97296 2010-11-17] (Advanced Micro Devices)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-08-30] (Sony Mobile Communications)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [84080 2011-08-11] (Atheros Communications, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-22] (Avast Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-16 22:40 - 2015-04-16 22:40 - 00012206 _____ () C:\Users\Maty\Downloads\FRST.txt
2015-04-16 22:40 - 2015-04-16 22:40 - 00000000 ____D () C:\FRST
2015-04-16 22:38 - 2015-04-16 22:38 - 01137152 _____ (Farbar) C:\Users\Maty\Downloads\FRST.exe
2015-04-16 21:04 - 2015-04-16 21:04 - 16866392 _____ () C:\Users\Maty\Downloads\RogueKiller.exe
2015-04-16 20:57 - 2015-04-16 20:58 - 00000000 ____D () C:\AdwCleaner
2015-04-16 20:56 - 2015-04-16 20:56 - 02217984 _____ () C:\Users\Maty\Downloads\adwcleaner_4.201.exe
2015-04-16 20:51 - 2015-04-16 20:51 - 00448512 _____ (OldTimer Tools) C:\Users\Maty\Downloads\TFC.exe
2015-04-15 22:26 - 2015-04-15 22:26 - 00005383 _____ () C:\Users\Maty\Documents\hijackthis.log
2015-04-15 22:24 - 2015-04-15 22:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Maty\Downloads\HijackThis.exe
2015-04-15 14:53 - 2015-04-16 20:30 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-15 14:53 - 2014-11-14 21:47 - 00011839 _____ () C:\Users\Maty\Documents\config.cfg
2015-04-15 14:53 - 2014-08-01 11:58 - 00001781 _____ () C:\Users\Maty\Documents\autoexec.cfg
2015-04-15 14:51 - 2015-04-15 14:51 - 00005151 _____ () C:\Users\Maty\Downloads\file_169914933144432_4661_0.rar
2015-04-15 13:59 - 2015-04-15 13:59 - 00000215 _____ () C:\Users\Maty\Desktop\Sniper Elite V2.url
2015-04-15 13:57 - 2015-04-15 13:57 - 00000213 _____ () C:\Users\Maty\Desktop\Counter-Strike Global Offensive.url
2015-04-15 13:49 - 2015-04-16 22:32 - 00000000 ____D () C:\Program Files\Steam
2015-04-15 13:49 - 2015-04-15 13:49 - 00000720 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-15 13:49 - 2015-04-15 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-15 13:15 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 13:08 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 13:07 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 13:07 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 13:07 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 13:07 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 13:07 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 13:00 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 13:00 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 13:00 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 13:00 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 13:00 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 13:00 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 13:00 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 13:00 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 13:00 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 13:00 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 13:00 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 13:00 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 22:48 - 2015-04-14 22:48 - 00000000 ____D () C:\Users\Maty\AppData\Local\openvr
2015-04-13 14:11 - 2015-04-16 20:30 - 00002330 _____ () C:\Windows\PFRO.log
2015-04-13 14:09 - 2015-04-13 14:09 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-13 14:09 - 2015-04-13 14:09 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-02 22:39 - 2015-04-02 22:39 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\WinRAR
2015-03-22 16:28 - 2015-03-22 16:29 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-17 16:32 - 2015-03-17 16:32 - 00000000 ____D () C:\Users\Maty\AppData\Local\Microsoft Games
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-16 22:13 - 2006-11-02 12:33 - 01531410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 22:09 - 2006-11-02 14:49 - 01929313 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 22:05 - 2015-02-11 17:51 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 22:05 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 22:05 - 2006-11-02 14:45 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 22:05 - 2006-11-02 14:45 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 22:00 - 2006-11-02 14:58 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-16 21:57 - 2014-05-18 01:52 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\vlc
2015-04-16 21:56 - 2015-02-11 17:51 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-16 21:35 - 2014-07-20 20:40 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-15 23:58 - 2015-01-12 14:19 - 00000000 ____D () C:\Users\Maty\AppData\Local\Spotify
2015-04-15 23:53 - 2015-01-12 14:19 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\Spotify
2015-04-15 19:09 - 2015-01-13 00:49 - 00000000 ____D () C:\Users\Maty\AppData\Local\Battle.net
2015-04-15 19:08 - 2014-09-22 14:09 - 00000000 ____D () C:\Program Files\Hearthstone
2015-04-15 15:58 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 14:57 - 2014-04-24 19:22 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-04-15 14:02 - 2014-04-24 20:48 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-15 13:15 - 2014-04-24 20:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 13:08 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-15 01:26 - 2015-02-11 17:52 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-14 15:45 - 2014-04-24 19:19 - 00000000 ____D () C:\Users\Maty\AppData\Roaming\TS3Client
2015-04-13 20:04 - 2015-03-15 18:56 - 00000000 ____D () C:\Users\Maty\AppData\Local\CrashDumps
2015-04-13 14:09 - 2014-04-24 19:12 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-13 14:09 - 2014-04-24 19:12 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-07 19:54 - 2014-09-22 14:07 - 00000000 ____D () C:\Program Files\Battle.net
2015-04-02 16:10 - 2015-01-12 14:19 - 00001706 _____ () C:\Users\Maty\Desktop\Spotify.lnk
2015-04-02 16:10 - 2015-01-12 14:19 - 00001692 _____ () C:\Users\Maty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-27 20:19 - 2014-08-03 23:45 - 00000000 ____D () C:\Users\Maty\Desktop\Films
2015-03-20 14:10 - 2014-05-18 01:51 - 00000819 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-18 00:39 - 2014-09-10 23:34 - 00000223 _____ () C:\Users\Maty\Desktop\vtip.txt
==================== Files in the root of some directories =======
2014-04-25 20:07 - 2014-11-05 01:19 - 0005632 _____ () C:\Users\Maty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Maty\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-16 22:12
==================== End Of Log ============================
Re: Request for a preventive log check
Log 2:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by Maty at 2015-04-16 22:40:53
Running from C:\Users\Maty\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader X (10.1.12) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
ATI AVIVO Codecs (Version: 11.6.0.10126 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{0B0F132E-6E8A-934D-A839-C5C15889F12B}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty(R) 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 (Version: 1.2 - Activision) Hidden
Call of Duty(R) 2 Patch 1.3 (HKLM\...\{C13E90B0-4E1C-11DB-6784-0152EAA218BE}) (Version: 1.3 - Activision)
Call of Duty(R) 2 Patch 1.3 (Version: 1.3 - ) Hidden
ccc-core-static (Version: 2011.0126.1749.31909 - Název společnosti:) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Free to Play (HKLM\...\Steam App 245550) (Version: - Valve)
GamePark klient 2.0.9.0 (HKLM\...\{52E5D8A7-B129-4A29-AD4B-EBB749DCC3A3}_is1) (Version: 2.0.9.0 - GamePark)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
HydraVision (Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OSCAR Editor (Version: 12.03.0004 - A4TECH) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
Sada Compatibility Pack pro systém Office 2007 (HKLM\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version: - Rebellion)
Spotify (HKU\S-1-5-21-841204282-3179981326-29079518-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
X7 Oscar Editor (HKLM\...\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 - A4TECH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
11-03-2015 01:30:32 End of disinfection
11-03-2015 12:52:50 Windows Update
17-03-2015 13:28:16 Windows Update
20-03-2015 14:04:59 Windows Update
22-03-2015 16:22:27 avast! antivirus system restore point
24-03-2015 10:45:29 Windows Update
27-03-2015 14:22:58 Windows Update
31-03-2015 16:08:26 Windows Update
02-04-2015 17:38:29 Naplánovaný kontrolní bod
07-04-2015 20:31:10 Windows Update
13-04-2015 14:08:33 avast! antivirus system restore point
14-04-2015 15:17:22 Windows Update
15-04-2015 13:03:38 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2015-04-16 21:47 - 00000725 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3BAE6DC6-5C8F-44AC-B864-D0F2EA21E38F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {7A4EDB56-4F65-40DA-8B00-9F099A0043F0} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-18] (Společnost Microsoft)
Task: {8C94E222-B43C-453A-A01C-4E4A336DEDEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-11] (Google Inc.)
Task: {A6A80E36-4300-4709-BD5C-8A08C236D0CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-11] (Google Inc.)
Task: {ADDAD803-F2A4-400C-9D5E-9DA675786F01} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {EA19DA4B-8942-43CD-99ED-38B4956CD1BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-22 16:23 - 2015-04-13 14:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-22 16:23 - 2015-04-13 14:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-16 20:31 - 2015-04-16 20:31 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041601\algo.dll
2011-01-27 00:11 - 2011-01-27 00:11 - 00023040 _____ () C:\Windows\system32\atitmpxx.dll
2015-03-14 11:43 - 2015-03-22 16:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-20 11:59 - 2012-03-20 11:59 - 03340288 _____ () C:\Program Files\OSCAR Editor X7\OscarEditor.exe
2010-12-02 17:56 - 2010-12-02 17:56 - 00815104 _____ () C:\Program Files\OSCAR Editor X7\Data\X7\Forms\OSD_Text\OSD_Text.dll
2011-01-09 20:45 - 2011-01-09 20:45 - 00088064 _____ () C:\Program Files\OSCAR Editor X7\DLL\DLL_MouseDeviceManager.dll
2012-02-07 11:20 - 2012-02-07 11:20 - 02413568 _____ () C:\Program Files\OSCAR Editor X7\Data\X7\Forms\ScreenCapture\ScreenCapture.dll
2011-03-21 19:33 - 2011-03-21 19:33 - 00999424 _____ () C:\Program Files\OSCAR Editor X7\Data\X7\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 14:18 - 2010-09-20 14:18 - 00085504 _____ () C:\Program Files\OSCAR Editor X7\DLL\DLL_ZoomControl.dll
2010-09-20 14:18 - 2010-09-20 14:18 - 00054272 _____ () C:\Program Files\OSCAR Editor X7\DLL\DLL_ScrollbarControl.dll
2011-04-12 15:14 - 2011-04-12 15:14 - 00063488 _____ () C:\Program Files\OSCAR Editor X7\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 20:16 - 2010-11-01 20:16 - 00062976 _____ () C:\Program Files\OSCAR Editor X7\DLL\DLL_AnalyzeGesturesInOne.dll
2011-08-10 13:43 - 2011-08-10 13:43 - 00118272 _____ () C:\Program Files\OSCAR Editor X7\DLL\DLL_Wheel4D.dll
2015-04-15 13:53 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files\Steam\SDL2.dll
2015-04-15 13:53 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
2015-04-15 13:53 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
2015-04-15 13:53 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
2015-04-15 13:53 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files\Steam\video.dll
2015-04-15 13:53 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-04-15 13:53 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-04-15 13:53 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-04-15 13:53 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-04-15 13:53 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-04-15 13:53 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2015-04-15 13:53 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-06-28 22:28 - 2014-06-28 22:28 - 00075064 _____ () C:\Windows\system32\PnkBstrA.exe
2011-01-26 17:48 - 2011-01-26 17:48 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-24 19:33 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Maty\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-24 19:33 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Maty\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-04-15 01:25 - 2015-04-13 23:55 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
2015-04-15 13:53 - 2015-02-25 03:58 - 01709960 _____ () C:\Program Files\Steam\bin\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-841204282-3179981326-29079518-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Maty\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-841204282-3179981326-29079518-500 - Administrator - Disabled)
Guest (S-1-5-21-841204282-3179981326-29079518-501 - Limited - Disabled)
Maty (S-1-5-21-841204282-3179981326-29079518-1000 - Administrator - Enabled) => C:\Users\Maty
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/16/2015 09:17:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Položka <C:\USERS\MATY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES> v mapě algoritmu hash nebyla aktualizována.
Kontext: aplikace , katalog SystemIndex
Podrobnosti:
Zařízení připojené k systému nefunguje. (0x8007001f)
Error: (04/16/2015 09:17:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Položka <C:\USERS\MATY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES> v mapě algoritmu hash nebyla aktualizována.
Kontext: aplikace , katalog SystemIndex
Podrobnosti:
Zařízení připojené k systému nefunguje. (0x8007001f)
Error: (04/15/2015 01:49:16 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
Error: (04/15/2015 01:14:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (04/15/2015 01:14:23 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (04/13/2015 08:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace csgo.exe, verze 0.0.0.0, časové razítko 0x54c98822, chybující modul tier0.dll, verze 0.0.0.0, časové razítko 0x54c98819, kód výjimky 0x40000015, posun chyby 0x000204ee,
ID procesu 0x1474, čas spuštění aplikace 0xcsgo.exe0.
Error: (04/13/2015 02:08:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {9ab329d9-032f-4c0f-b89f-ee20ae300c80}
Error: (04/11/2015 06:55:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace csgo.exe, verze 0.0.0.0, časové razítko 0x54c98822, chybující modul tier0.dll, verze 0.0.0.0, časové razítko 0x54c98819, kód výjimky 0x40000015, posun chyby 0x000204ee,
ID procesu 0x17c0, čas spuštění aplikace 0xcsgo.exe0.
Error: (04/11/2015 01:06:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace csgo.exe, verze 0.0.0.0, časové razítko 0x54c98822, chybující modul tier0.dll, verze 0.0.0.0, časové razítko 0x54c98819, kód výjimky 0x40000015, posun chyby 0x000204ee,
ID procesu 0x13c4, čas spuštění aplikace 0xcsgo.exe0.
Error: (04/11/2015 01:49:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace csgo.exe, verze 0.0.0.0, časové razítko 0x54c98822, chybující modul tier0.dll, verze 0.0.0.0, časové razítko 0x54c98819, kód výjimky 0x40000015, posun chyby 0x000204ee,
ID procesu 0xb2c, čas spuštění aplikace 0xcsgo.exe0.
System errors:
=============
Error: (04/16/2015 09:36:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain
Error: (04/16/2015 09:36:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000TrkWks
Error: (04/16/2015 08:51:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: AMD External Events Utility1
Error: (04/15/2015 01:55:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053
Error: (04/15/2015 01:55:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Steam Client Service
Error: (04/14/2015 08:18:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053
Error: (04/14/2015 08:18:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Steam Client Service
Error: (04/10/2015 09:51:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053
Error: (04/10/2015 09:51:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Steam Client Service
Error: (03/25/2015 01:20:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053
Microsoft Office Sessions:
=========================
Error: (04/16/2015 09:17:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: aplikace , katalog SystemIndex
Podrobnosti:
Zařízení připojené k systému nefunguje. (0x8007001f)
C:\USERS\MATY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES
Error: (04/16/2015 09:17:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: aplikace , katalog SystemIndex
Podrobnosti:
Zařízení připojené k systému nefunguje. (0x8007001f)
C:\USERS\MATY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES
Error: (04/15/2015 01:49:16 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
Error: (04/15/2015 01:14:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (04/15/2015 01:14:23 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (04/13/2015 08:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.054c98822tier0.dll0.0.0.054c9881940000015000204ee147401d0760cdfc88550
Error: (04/13/2015 02:08:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {9ab329d9-032f-4c0f-b89f-ee20ae300c80}
Error: (04/11/2015 06:55:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.054c98822tier0.dll0.0.0.054c9881940000015000204ee17c001d07471f7e04660
Error: (04/11/2015 01:06:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.054c98822tier0.dll0.0.0.054c9881940000015000204ee13c401d0743d9f1ba800
Error: (04/11/2015 01:49:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.054c98822tier0.dll0.0.0.054c9881940000015000204eeb2c01d073e7fa738648
CodeIntegrity Errors:
===================================
Date: 2015-04-15 22:28:21.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:28:21.056
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:28:20.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:28:20.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:28:20.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:28:20.325
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:25:22.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:25:22.827
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:25:22.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-15 22:25:22.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 72%
Total physical RAM: 3563.29 MB
Available physical RAM: 992.18 MB
Total Pagefile: 7361.55 MB
Available Pagefile: 4658.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:450.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: B35A5156)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
- Orcus
- Security team member
Re: Request for a preventive log check
First let me ask: what about problems? Are there any, or is this just prevention? There is no point in using FRST if there are none.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
Re: Request for a preventive log check
It's just for prevention :)
- Orcus
- Security team member
Re: Request for a preventive log check
OK.
Clean the system with CCleaner
====================================================
Download DelFix here
http://general-changelog-team.fr/fr/dow ... e/9-delfix
and save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7 and 8, you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.
A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report can be found at:
C:\DelFix.txt
+ a new HJT log.