Please check (Solved)


jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check

Post by jaro3 » 17 Jul 2017 22:11

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 afbgfrht; C:\Windows\system32\Drivers\afbgfrht.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)
C:\Windows\system32\Drivers\afbgfrht.sys
IE restricted site: HKU\.DEFAULT\...\2009fr.com -> spybot.2009fr.com
IE restricted site: HKU\.DEFAULT\...\2009search-destroy.com -> www.2009search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2011-kilos-verlieren.eu -> www.2011-kilos-verlieren.eu
IE restricted site: HKU\.DEFAULT\...\2020search.com -> www.2020search.com
IE restricted site: HKU\.DEFAULT\...\20x2p.com -> 20x2p.com
IE restricted site: HKU\.DEFAULT\...\21dice.net -> www.21dice.net
IE restricted site: HKU\.DEFAULT\...\2211.net -> wwww.2211.net
IE restricted site: HKU\.DEFAULT\...\24-7pharmacy.info -> www.24-7pharmacy.info
IE restricted site: HKU\.DEFAULT\...\24-7searching-and-more.com -> www.24-7searching-and-more.com
IE restricted site: HKU\.DEFAULT\...\247fxxx.info -> www.247fxxx.info
IE restricted site: HKU\.DEFAULT\...\24teen.com -> www.24teen.com
IE restricted site: HKU\.DEFAULT\...\2ndpower.com -> 2ndpower.com
IE restricted site: HKU\.DEFAULT\...\2rfsex.info -> www.2rfsex.info
IE restricted site: HKU\.DEFAULT\...\2search.com -> feeds.2search.com
IE restricted site: HKU\.DEFAULT\...\2search.org -> feeds2.2search.org
IE restricted site: HKU\.DEFAULT\...\2squared.com -> www.2squared.com
IE restricted site: HKU\.DEFAULT\...\2vgporn.info -> www.2vgporn.info
IE restricted site: HKU\.DEFAULT\...\3-2005-search.com -> www.3-2005-search.com
IE restricted site: HKU\.DEFAULT\...\30horasdesexoonline.com -> www.30horasdesexoonline.com
IE restricted site: HKU\.DEFAULT\...\31columns.com -> www.31columns.com
There are 7623 more sites.
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxps://www.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxp://www.mojebanka.cz
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\125sms.com -> www.125sms.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12w.net -> download-video.12w.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1987324.com -> www.1987324.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1importantiamreal.com -> www.1importantiamreal.com
There are 7660 more sites.

EmptyTemp:
End

(You can use the "Select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

After the restart, check whether this file is there again:
C:\Windows\system32\Drivers\afbgfrht.sys

+
Download Kaspersky VRT
to your desktop.
Run Kaspersky VRT; the program will install.
Accept the license and click "Start". If the program offers an update, click "Download Now" at the bottom.
- Click the gear icon in the top-right corner. In the window, in addition to the items already checked, select your disk drive; if you have more than one, you can check all of them.
- Select "Automatic Scan" at the top left and press the "Start Scanning" button.
- The program will start scanning the checked drives.

Checked:
Hidden startup objects
System Memory
Disk boot sectors

Computer
Local Disk C

Unchecked:
Documents
My email
Local Disk D
DVD-ROM Drive (E)
BD-ROM Drive (G)
Floppy disk drive

And others, e.g. flash drives, that you have connected.

- allow Virus Removal Tool to remove all infections found
- once the scan finishes, select the "Report" tab at the top right (next to the gear icon)
- click "Detected Threads" and click the floppy disk icon ("Save")
- save the report to your computer and paste it here into a post




KeyProwler Keylogger --- do you have that keylogger there on purpose??
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra

martinb01
Level 2
Posts: 167
Registered: February 11
Gender: Male

Re: Please check

Post by martinb01 » 18 Jul 2017 11:01

I don't have the keylogger on purpose. I already tried to get rid of it and thought it was gone....

jaro3

Re: Please check

Post by jaro3 » 18 Jul 2017 18:53

Do what I wrote above.

Keylogger:
Please download and install Revo Uninstaller Free
http://www.revouninstaller.com/start_fr ... nload.html
Double-click Revo Uninstaller to run it.
Check whether there is any unknown program, a keylogger, among the programs.
In the list of programs, double-click the program KeyProwler Keylogger -- remove
When prompted whether you want to uninstall, click Yes.
Make sure the Moderate option is selected, then click Next.
The program will run; if prompted again, click Yes.
When the built-in uninstaller has finished, click Next.
Once the program has searched for leftovers, click Next.
Check / tick only the bolded items in the list, then click Delete.
When prompted, click Yes and then Next.
Then check all the folders that are found and select the delete option.
When prompted, select Yes, then Next.
Once done, click Finish.

martinb01

Re: Please check

Post by martinb01 » 18 Jul 2017 19:32

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Martin (18-07-2017 19:19:18) Run:2
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 afbgfrht; C:\Windows\system32\Drivers\afbgfrht.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)
C:\Windows\system32\Drivers\afbgfrht.sys
IE restricted site: HKU\.DEFAULT\...\2009fr.com -> spybot.2009fr.com
IE restricted site: HKU\.DEFAULT\...\2009search-destroy.com -> www.2009search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2011-kilos-verlieren.eu -> www.2011-kilos-verlieren.eu
IE restricted site: HKU\.DEFAULT\...\2020search.com -> www.2020search.com
IE restricted site: HKU\.DEFAULT\...\20x2p.com -> 20x2p.com
IE restricted site: HKU\.DEFAULT\...\21dice.net -> www.21dice.net
IE restricted site: HKU\.DEFAULT\...\2211.net -> wwww.2211.net
IE restricted site: HKU\.DEFAULT\...\24-7pharmacy.info -> www.24-7pharmacy.info
IE restricted site: HKU\.DEFAULT\...\24-7searching-and-more.com -> www.24-7searching-and-more.com
IE restricted site: HKU\.DEFAULT\...\247fxxx.info -> www.247fxxx.info
IE restricted site: HKU\.DEFAULT\...\24teen.com -> www.24teen.com
IE restricted site: HKU\.DEFAULT\...\2ndpower.com -> 2ndpower.com
IE restricted site: HKU\.DEFAULT\...\2rfsex.info -> www.2rfsex.info
IE restricted site: HKU\.DEFAULT\...\2search.com -> feeds.2search.com
IE restricted site: HKU\.DEFAULT\...\2search.org -> feeds2.2search.org
IE restricted site: HKU\.DEFAULT\...\2squared.com -> www.2squared.com
IE restricted site: HKU\.DEFAULT\...\2vgporn.info -> www.2vgporn.info
IE restricted site: HKU\.DEFAULT\...\3-2005-search.com -> www.3-2005-search.com
IE restricted site: HKU\.DEFAULT\...\30horasdesexoonline.com -> www.30horasdesexoonline.com
IE restricted site: HKU\.DEFAULT\...\31columns.com -> www.31columns.com
There are 7623 more sites.
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxps://www.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxp://www.mojebanka.cz
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\125sms.com -> www.125sms.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12w.net -> download-video.12w.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1987324.com -> www.1987324.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1importantiamreal.com -> www.1importantiamreal.com
There are 7660 more sites.

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
afbgfrht => service not found.
"C:\Windows\system32\Drivers\afbgfrht.sys" => not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009fr.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009search-destroy.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2011-kilos-verlieren.eu => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2020search.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\21dice.net => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2211.net => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\24-7pharmacy.info => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\24-7searching-and-more.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\247fxxx.info => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\24teen.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2ndpower.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2rfsex.info => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2search.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2search.org => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2squared.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2vgporn.info => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3-2005-search.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\30horasdesexoonline.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\31columns.com => key removed successfully.
There are 7623 more sites. => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz => key not found.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337-crew.to => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337crew.info => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\136136.net => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\150freesms.de => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163ns.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17-plus.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17concepts.info => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com => key removed successfully.
There are 7660 more sites. => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5566009 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 888 B
Edge => 0 B
Chrome => 12942596 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 0 B
NetworkService => 0 B
Martin => 311880 B

RecycleBin => 137217 B
EmptyTemp: => 26.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:21:08 ====

martinb01

Re: Please check

Post by martinb01 » 18 Jul 2017 19:39

C:\Windows\system32\Drivers\afbgfrht.sys

This file is not there...

jaro3

Re: Please check

Post by jaro3 » 18 Jul 2017 21:42

What about the keylogger, and what about the problems?

martinb01

Re: Please check

Post by martinb01 » 19 Jul 2017 06:41

I'll do the keylogger today.
Kaspersky from your link didn't want to update, and since it had a database from 2014, I downloaded a whole new one...
It can't save the report, so I'd like to insert a print screen. But somehow I don't know how...

jaro3

Re: Please check

Post by jaro3 » 19 Jul 2017 09:16

Capture the screen: press the "Print Screen" key, open "Paint", click "Paste" in it, and save the image.
Only the infections are important.


Then do this for me as well:
Download OTL by OldTimer
to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check the "LOP" check and the "Purity" check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

martinb01

Re: Please check

Post by martinb01 » 19 Jul 2017 12:51

That's just it, I can't insert the print screen here. I must be completely stupid...
At least I'll type them out here.
Twice Adware: AdWare.win32.Opencandy.Ic
HEUR:Adware.AndroidOS.Yeahmobi
Also: RiskTool.Win32.Startpage.ccc
RiskTool.Win32.Startpage.ccc
and: HEUR:Exploit.AndroidOS.Lotoor.bm

martinb01

Re: Please check

Post by martinb01 » 19 Jul 2017 12:56

REVO did not find any keylogger.

martinb01

Re: Please check

Post by martinb01 » 19 Jul 2017 13:15

OTL logfile created on: 19.7.2017 13:04:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,84% Memory free
4,22 Gb Paging File | 2,57 Gb Available in Paging File | 61,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 203,64 Gb Free Space | 67,13% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 48,65 Gb Free Space | 32,29% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o.)
PRC - C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe ()
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\AvChrome.dll ()
MOD - C:\Program Files\AVAST Software\Avast\ffl2.dll ()
MOD - C:\Program Files\AVAST Software\Avast\tasks_core.dll ()
MOD - C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll ()
MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll ()
MOD - C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll ()
MOD - C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\CCleaner\Lang\lang-1029.dll ()
MOD - C:\Program Files\CCleaner\branding.dll ()
MOD - C:\Program Files\WinRar\rarlng.dll ()
MOD - C:\Program Files\WinRar\RarExt.dll ()
MOD - C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe ()
MOD - C:\Program Files\FSC\LASER MOUSE\1.0\GTGMDLL.dll ()


========== Services (SafeList) ==========

SRV - (WsDrvInst) -- C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe File not found
SRV - (AvastVBoxSvc) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (aswbIDSAgent) -- C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ZAMSvc) -- C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)


========== Driver Services (SafeList) ==========

DRV - (VBoxAswDrv) -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys File not found
DRV - (a8kkeg9k) -- File not found
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswmonflt.sys (AVAST Software)
DRV - (aswblog) -- C:\Windows\System32\drivers\aswblogx.sys (AVAST Software s.r.o.)
DRV - (aswbidsdriver) -- C:\Windows\System32\drivers\aswbidsdriverx.sys (AVAST Software s.r.o.)
DRV - (aswbidsh) -- C:\Windows\System32\drivers\aswbidshx.sys (AVAST Software s.r.o.)
DRV - (aswbuniv) -- C:\Windows\System32\drivers\aswbunivx.sys (AVAST Software s.r.o.)
DRV - (ZAM) -- C:\Windows\System32\drivers\zam32.sys (Zemana Ltd.)
DRV - (ZAM_Guard) -- C:\Windows\System32\drivers\zamguard32.sys (Zemana Ltd.)
DRV - (MBAMProtection) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswStmXP) -- C:\Windows\System32\drivers\aswStmXP.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswHwid) -- C:\Windows\System32\drivers\aswHwid.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (HWiNFO32) -- C:\Windows\System32\drivers\HWiNFO32.SYS (REALiX(tm))
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Martin\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.15 19:33:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_1\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_1\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2017.07.15 10:26:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4 - HKLM..\Run: [GTGMOUSE] C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKCU..\Run: [BingSvc] C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47064272.lnk = C:\Users\Martin\AppData\Local\temp\_uninst_47064272.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (Rational Intellectual Holdings Ltd.)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2017.07.19 13:01:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2017.07.19 12:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2017.07.19 12:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2017.07.19 12:43:16 | 007,178,424 | ---- | C] (VS Revo Group ) -- C:\Users\Martin\Desktop\revosetup.exe
[2017.07.18 22:56:29 | 000,000,000 | ---D | C] -- C:\KVRT_Data
[2017.07.18 22:55:16 | 120,828,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\KVRT.exe
[2017.07.18 20:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2017.07.18 19:02:58 | 000,303,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2017.07.17 18:43:26 | 000,000,000 | ---D | C] -- C:\FRST
[2017.07.17 18:42:24 | 001,780,736 | ---- | C] (Farbar) -- C:\Users\Martin\Desktop\FRST.exe
[2017.07.16 10:05:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017.07.15 10:33:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\temp
[2017.07.14 22:00:18 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2017.07.14 22:00:16 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\zamguard32.sys
[2017.07.14 22:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2017.07.14 22:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware
[2017.07.14 21:59:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Zemana
[2017.07.14 21:58:40 | 006,589,840 | ---- | C] (Zemana Ltd. ) -- C:\Users\Martin\Desktop\Zemana.AntiMalware.Setup.exe
[2017.07.14 21:51:38 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2017.07.13 22:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2017.07.13 22:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2017.07.13 22:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2017.07.13 20:43:20 | 171,309,576 | ---- | C] (Sophos Limited) -- C:\Users\Martin\Desktop\Sophos Virus Removal Tool.exe
[2017.07.12 20:59:31 | 000,162,240 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017.07.12 20:59:28 | 000,064,800 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017.07.12 20:59:21 | 000,040,352 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017.07.12 20:59:14 | 000,221,600 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017.07.12 20:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017.07.12 20:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017.07.12 20:58:00 | 065,033,984 | ---- | C] (Malwarebytes ) -- C:\Users\Martin\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
[2017.07.10 11:51:38 | 000,000,000 | ---D | C] -- C:\25313335900d7f696160167d00a5
[2008.08.31 15:23:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Martin\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2017.07.19 13:02:46 | 000,060,287 | ---- | M] () -- C:\Windows\ZAM.krnl.trace
[2017.07.19 13:02:46 | 000,046,918 | ---- | M] () -- C:\Windows\ZAM_Guard.krnl.trace
[2017.07.19 13:01:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2017.07.19 13:00:38 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller.lnk
[2017.07.19 12:47:09 | 000,039,609 | ---- | M] () -- C:\Users\Martin\Desktop\Kaspersky.jpg
[2017.07.19 12:44:05 | 000,673,764 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2017.07.19 12:44:05 | 000,659,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2017.07.19 12:44:05 | 000,142,560 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2017.07.19 12:44:05 | 000,122,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2017.07.19 12:41:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2017.07.19 12:41:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2017.07.19 12:41:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.07.19 08:38:34 | 007,178,424 | ---- | M] (VS Revo Group ) -- C:\Users\Martin\Desktop\revosetup.exe
[2017.07.18 22:55:34 | 120,828,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\KVRT.exe
[2017.07.18 22:43:18 | 000,000,810 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47064272.lnk
[2017.07.18 19:54:03 | 159,428,216 | ---- | M] () -- C:\Users\Martin\Desktop\Kaspersky_Virus_Removal_Tool_11.0.3.7_[28.08.2014].exe
[2017.07.18 19:03:54 | 000,123,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswmonflt.sys
[2017.07.18 19:02:41 | 000,303,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2017.07.18 19:02:21 | 000,276,736 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswblogx.sys
[2017.07.18 19:02:21 | 000,267,008 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidsdriverx.sys
[2017.07.18 19:02:21 | 000,157,416 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidshx.sys
[2017.07.18 19:02:21 | 000,050,384 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbunivx.sys
[2017.07.17 16:22:52 | 001,780,736 | ---- | M] (Farbar) -- C:\Users\Martin\Desktop\FRST.exe
[2017.07.16 13:20:46 | 000,043,008 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2017.07.16 10:13:29 | 000,376,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2017.07.15 10:26:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2017.07.14 22:00:18 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2017.07.14 22:00:16 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\zamguard32.sys
[2017.07.14 22:00:11 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.07.14 21:58:48 | 006,589,840 | ---- | M] (Zemana Ltd. ) -- C:\Users\Martin\Desktop\Zemana.AntiMalware.Setup.exe
[2017.07.14 21:34:09 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2017.07.14 21:34:09 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2017.07.14 21:34:03 | 005,216,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2017.07.14 21:33:43 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2017.07.14 20:49:50 | 000,024,688 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2017.07.14 18:31:27 | 000,064,800 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017.07.14 18:23:23 | 000,162,240 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017.07.14 18:23:16 | 000,040,352 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017.07.14 18:23:10 | 000,221,600 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017.07.13 22:04:05 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017.07.13 20:44:26 | 171,309,576 | ---- | M] (Sophos Limited) -- C:\Users\Martin\Desktop\Sophos Virus Removal Tool.exe
[2017.07.12 20:59:02 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.07.11 21:15:42 | 065,033,984 | ---- | M] (Malwarebytes ) -- C:\Users\Martin\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
[2017.07.10 12:46:12 | 001,237,796 | ---- | M] () -- C:\Users\Martin\Desktop\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c (1).msu
[2017.07.03 17:35:15 | 000,296,312 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys
[2017.07.03 17:33:50 | 000,496,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2017.07.03 17:33:50 | 000,202,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStmXP.sys
[2017.07.03 17:33:50 | 000,070,840 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys
[2017.07.03 17:33:49 | 000,070,088 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2017.07.03 17:33:49 | 000,042,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys
[2017.07.03 17:33:30 | 000,774,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2017.07.03 17:33:29 | 000,039,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2017.06.27 12:06:28 | 000,059,936 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys

========== Files Created - No Company Name ==========

[2017.07.19 12:57:37 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller.lnk
[2017.07.19 12:47:09 | 000,039,609 | ---- | C] () -- C:\Users\Martin\Desktop\Kaspersky.jpg
[2017.07.18 22:43:18 | 000,000,810 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47064272.lnk
[2017.07.18 19:53:35 | 159,428,216 | ---- | C] () -- C:\Users\Martin\Desktop\Kaspersky_Virus_Removal_Tool_11.0.3.7_[28.08.2014].exe
[2017.07.14 22:00:24 | 000,060,287 | ---- | C] () -- C:\Windows\ZAM.krnl.trace
[2017.07.14 22:00:23 | 000,046,918 | ---- | C] () -- C:\Windows\ZAM_Guard.krnl.trace
[2017.07.14 22:00:11 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.07.14 21:51:39 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2017.07.13 22:04:05 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017.07.12 20:59:02 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.07.12 20:59:00 | 000,059,936 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
[2017.07.10 12:46:09 | 001,237,796 | ---- | C] () -- C:\Users\Martin\Desktop\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c (1).msu
[2017.05.04 20:52:05 | 000,006,354 | ---- | C] () -- C:\Users\Martin\BELICA_MARTIN.p12
[2012.04.29 13:35:47 | 000,002,208 | ---- | C] () -- C:\Users\Martin\.recently-used.xbel
[2011.12.20 22:18:08 | 000,001,568 | ---- | C] () -- C:\Users\Martin\AppData\Local\SRDownloader (1).nast
[2011.12.20 22:17:02 | 000,005,814 | ---- | C] () -- C:\Users\Martin\AppData\Local\SRDownloader (1).err
[2011.10.09 12:38:22 | 000,248,341 | ---- | C] () -- C:\Users\Martin\AppData\Local\SRDownloader.err
[2011.08.15 12:47:35 | 000,001,344 | ---- | C] () -- C:\Users\Martin\AppData\Local\SRDownloader.nast
[2011.03.21 23:06:48 | 000,220,831 | ---- | C] () -- C:\Users\Martin\AppData\Local\SRDownloader[1].err
[2011.02.17 11:11:16 | 000,000,872 | ---- | C] () -- C:\Users\Martin\AppData\Local\SRDownloader[2].nast
[2011.02.17 10:15:26 | 000,001,112 | ---- | C] () -- C:\Users\Martin\AppData\Local\SRDownloader[1].nast
[2009.01.04 12:12:20 | 000,000,012 | ---- | C] () -- C:\Users\Martin\intlname.ols
[2008.08.31 15:23:53 | 000,007,887 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\pcouffin.cat
[2008.08.31 15:23:53 | 000,001,144 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\pcouffin.inf
[2008.03.11 18:51:05 | 000,000,757 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\mainhst.zgh
[2008.03.03 08:31:23 | 000,043,008 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.07.29 02:46:08 | 011,588,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.03.10 20:01:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ACD Systems
[2009.09.23 19:02:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Acoustica
[2008.08.30 19:26:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Any Video Converter
[2014.06.19 08:20:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2014.04.15 00:38:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AVAST Software
[2008.06.18 16:45:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\COWON
[2008.03.03 08:42:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools
[2011.09.03 11:01:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2014.05.05 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Deckadance
[2008.03.05 09:19:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GHISLER
[2012.04.29 13:35:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0
[2008.05.10 12:16:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ImgBurn
[2009.12.22 00:00:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juce VST Host
[2011.12.26 17:23:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Nokia
[2011.12.26 16:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PC Suite
[2012.02.26 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoScape
[2011.03.08 21:49:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2016.07.07 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent
[2014.08.02 12:57:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wargaming.net
[2008.08.01 14:26:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\XnView
[2008.03.18 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ZipGenius
[2010.03.04 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Zoner
[2008.09.23 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\zweitgeist

========== Purity Check ==========



< End of report >

martinb01
Level 2
Posts: 167
Registered: February 11
Gender: Male
Status:
Offline

Re: Please check

Post by martinb01 » 19 Jul 2017 13:16

OTL Extras logfile created on: 19.7.2017 13:04:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,84% Memory free
4,22 Gb Paging File | 2,57 Gb Available in Paging File | 61,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 203,64 Gb Free Space | 67,13% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 48,65 Gb Free Space | 32,29% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31C7D85A-EA17-41F0-8243-1F35FB9F21AD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{394B23A3-8975-401B-833D-564559624D85}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{99CAC6B8-3FC1-4984-BEF1-2867D353A330}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D1BA5C7D-998F-43ED-9A9E-15F04768295C}C:\users\martin\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{0CC3582C-C351-4F7B-8C94-1EB13EC31FBD}C:\users\martin\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{8D6579AD-57E2-4F0B-8052-1DDD8511F474}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C5567B19-BF93-46AC-AF0B-A81FA1C53216}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes verze 3.1.2.1733
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}" = Google Earth Pro
"{4837718C-5B6E-4496-B283-FFFB5A937825}" = ABBYY PDF Transformer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69EDC871-8A8A-34A8-B511-FF7CE3C4B0B7}" = Microsoft .NET Framework 4.5.2 (CSY)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.0.52
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{801F9351-A8A7-441D-9398-6A56E143E316}" = FormApps Signing Extension
"{81CD6232-10F5-4832-B3DA-1B88B1571029}" = Nero 7 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1" = Ashampoo Burning Studio 6 FREE v.6.84
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.2 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1" = Revo Uninstaller 2.0.3
"{A6297093-E4C1-40F8-AEB6-104DD3BD4EAF}" = KeyProwler Keylogger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 26 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 2.5.5
"ASIO4ALL" = ASIO4ALL
"Avast Antivirus" = Avast Pro Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8)
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.5.2
"DivXCodec" = DivX 4.12 Codec
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 9" = FL Studio 9
"Foxit PDF Editor" = Foxit PDF Editor
"FSC LASER MOUSE Software_is1" = FSC LASER MOUSE Software 1.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HWiNFO32_is1" = HWiNFO32 Version 4.30
"IL Download Manager" = IL Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"Maximus" = Maximus
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = FLAC codecs
"PDF Editor 3" = PDF Editor 3
"PokerStars" = PokerStars
"SafeZone 1.48.2066.120" = SafeZone Stable 1.48.2066.120
"SBPCIUnInstall" = Creative PCI Audio Drivers
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.7.2017 16:30:44 | Computer Name = Home | Source = VSS | ID = 8194
Description =

Error - 15.7.2017 4:17:56 | Computer Name = Home | Source = ESENT | ID = 467
Description = Windows (4212) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen
(0).

Error - 15.7.2017 4:17:56 | Computer Name = Home | Source = Windows Search Service | ID = 7040
Description =

Error - 15.7.2017 4:28:12 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko
0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029,
kód výjimky 0xc0000005, posun chyby 0x00027140, ID procesu 0xc90, čas spuštění aplikace
0x01d2fd443197e202.

Error - 16.7.2017 4:14:24 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko
0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029,
kód výjimky 0xc0000005, posun chyby 0x00027140, ID procesu 0xcd8, čas spuštění aplikace
0x01d2fe0b83924a7b.

Error - 16.7.2017 10:40:48 | Computer Name = Home | Source = VSS | ID = 8194
Description =

Error - 17.7.2017 14:44:59 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko
0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029,
kód výjimky 0xc0000005, posun chyby 0x00027140, ID procesu 0xd80, čas spuštění aplikace
0x01d2ff2cc5356a31.

Error - 18.7.2017 13:10:48 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko
0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029,
kód výjimky 0xc0000005, posun chyby 0x00027140, ID procesu 0xe90, čas spuštění aplikace
0x01d2ffe89b230aef.

Error - 18.7.2017 13:30:11 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko
0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029,
kód výjimky 0xc0000005, posun chyby 0x00027140, ID procesu 0x690, čas spuštění aplikace
0x01d2ffeb5c777768.

Error - 18.7.2017 13:57:54 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko
0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029,
kód výjimky 0xc0000005, posun chyby 0x00027140, ID procesu 0x9bc, čas spuštění aplikace
0x01d2ffef5aa5909c.

[ System Events ]
Error - 18.7.2017 13:20:26 | Computer Name = Home | Source = Service Control Manager | ID = 7009
Description =

Error - 18.7.2017 13:20:26 | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 18.7.2017 13:20:48 | Computer Name = Home | Source = Service Control Manager | ID = 7031
Description =

Error - 18.7.2017 13:28:47 | Computer Name = Home | Source = LSM | ID = 1048
Description =

Error - 18.7.2017 13:29:00 | Computer Name = Home | Source = LSM | ID = 1048
Description =

Error - 18.7.2017 13:45:15 | Computer Name = Home | Source = Service Control Manager | ID = 7011
Description =

Error - 18.7.2017 16:41:37 | Computer Name = Home | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 78.45.22.211 pro síťovou kartu s adresou 0019214F22B6
byla serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 18.7.2017 16:42:25 | Computer Name = Home | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.100.10 pro síťovou kartu s adresou 0019214F22B6
byla serverem DHCP 10.128.129.125 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 19.7.2017 0:30:23 | Computer Name = Home | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.100.10 pro síťovou kartu se síťovou
adresou 0019214F22B6 bylo ukončeno.

Error - 19.7.2017 6:43:41 | Computer Name = Home | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.100.10 pro síťovou kartu se síťovou
adresou 0019214F22B6 bylo ukončeno.


< End of report >

