Prosím o překontrolování
-
- Level 1.5
- Příspěvky: 144
- Registrován: srpen 08
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Pořád trvají.
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43113
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
- Level 1.5
- Příspěvky: 144
- Registrován: srpen 08
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Postupoval jsem podle návodu, nicméně žádný log se nevytvořil. Samozřejmě jsem spouštěl jako správce a i v nouzovém režimu. Při prvním pokusu vše proběhlo v pořádku, na konci se program sám zavřel. Při druhém vyskočila tato hláška.
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43113
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Stáhni si zde DelFix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Pak:
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Pak:
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
- Level 1.5
- Příspěvky: 144
- Registrován: srpen 08
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
# DelFix v10.6 - Logfile created 20/03/2014 at 08:00:58
# Updated 11/11/2013 by Xplode
# Username : notebook - NOTEBOOK-PC
# Operating System : Windows 7 Home Premium (32 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\32788R22FWJFW
Deleted : C:\AdwCleaner
Deleted : C:\Users\notebook\Desktop\RK_Quarantine
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\TDSSKiller.2.8.16.0_18.03.2014_21.07.47_log.txt
Deleted : C:\Users\notebook\Desktop\adwcleaner.exe
Deleted : C:\Users\notebook\Desktop\ComboFix.exe
Deleted : C:\Users\notebook\Desktop\JRT.exe
Deleted : C:\Users\notebook\Desktop\HiJackThis.lnk
Deleted : C:\Users\notebook\Desktop\HiJackThis.msi
Deleted : C:\Users\notebook\Desktop\RKreport[0]_D_03182014_210545.txt
Deleted : C:\Users\notebook\Desktop\RKreport[0]_S_03182014_210413.txt
Deleted : C:\Users\notebook\Desktop\RogueKiller.exe
Deleted : C:\Users\notebook\Desktop\TDSSKiller.exe
Deleted : C:\Users\notebook\Downloads\tdsskiller.zip
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
~ Cleaning system restore ...
Deleted : RP #114 [Scheduled Checkpoint | 03/16/2014 08:38:02]
Deleted : RP #115 [Installed HiJackThis | 03/16/2014 12:39:55]
New restore point created !
########## - EOF - ##########
---------------------------------------------------------
ComboFix 14-03-19.01 - notebook 20.03.2014 8:21.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1033.18.3034.1659 [GMT 1:00]
Spuštěný z: c:\users\notebook\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 07:27 . 2014-03-20 07:28 -------- d-----w- c:\users\notebook\AppData\Local\temp
2014-03-20 07:27 . 2014-03-20 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-19 13:00 . 2014-03-19 13:03 -------- d-----w- C:\WoW Cata 4.3.4 (Twinstar)
2014-03-19 09:40 . 2014-03-19 09:40 -------- d-----w- c:\users\notebook\AppData\Local\CrashDumps
2014-03-18 19:59 . 2014-03-18 19:59 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-03-18 18:13 . 2014-03-18 18:13 -------- d-----w- c:\windows\ERUNT
2014-03-17 10:08 . 2014-03-17 11:26 -------- d-----w- c:\users\notebook\AppData\Local\Adobe
2014-03-16 21:03 . 2014-03-17 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Audacity
2014-03-16 21:02 . 2014-03-16 21:03 -------- d-----w- c:\program files\Audacity
2014-03-16 20:34 . 2014-03-16 20:34 -------- d-----w- c:\users\notebook\AppData\Local\Skype
2014-03-16 20:33 . 2014-03-16 20:33 -------- d-----w- c:\program files\Common Files\Skype
2014-03-16 20:30 . 2014-03-20 07:01 -------- d-----w- C:\AdwCleaner
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\users\notebook\AppData\Roaming\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\programdata\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-16 20:08 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-16 12:40 . 2014-03-20 07:01 -------- d-----w- c:\program files\Trend Micro
2014-03-16 12:40 . 2014-03-16 12:40 388096 ----a-r- c:\users\notebook\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-09 17:53 . 2014-03-17 15:52 -------- d-----w- c:\users\notebook\AppData\Local\Spotify
2014-03-09 17:51 . 2014-03-18 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 17:40 . 2013-05-09 23:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 17:40 . 2013-05-09 23:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 16:41 . 2014-02-04 16:41 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-04 16:41 . 2014-02-04 16:41 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-04 16:41 . 2014-02-04 16:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-04 16:41 . 2014-02-04 16:41 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-04 16:41 . 2014-02-04 16:41 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-04 16:41 . 2014-02-04 16:41 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-04 16:41 . 2014-02-04 16:41 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-04 16:41 . 2014-02-04 16:41 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-04 16:41 . 2014-02-04 16:41 43152 ----a-w- c:\windows\avastSS.scr
2013-12-25 16:23 . 2013-12-25 16:24 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-11-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-04 16:41 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\notebook\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-26 802136]
"Akamai NetSession Interface"="c:\users\notebook\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Spotify Web Helper"="c:\users\notebook\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-03-09 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-04-19 3926128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 145904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 189936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-04 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 FAH-02;Folding Service 02;c:\program files\Folding@Home 01\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
R2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files\MyPublicWiFi\PublicWiFiService.exe [2011-12-02 597504]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AIDA32Driver;AIDA32Driver;c:\program files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 3584]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-04 64168]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [2013-12-27 64808]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [2013-12-27 477960]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-17 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-04 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-04 410784]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-02-22 26208]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-04 67824]
S2 FAH-01;Folding Service 01;c:\program files\Folding@Home 01\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-03-23 27760]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys [2012-10-31 55680]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 289792]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2012-04-25 91760]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-03-23 1830512]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-09 17:40]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 16:41]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 16:41]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 193.85.2.100 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{4B4D5056-3700-A76A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll
Toolbar-{4B4D5056-3700-A76A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll
WebBrowser-{4B4D5056-3700-A76A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll
HKCU-Run-AdobeBridge - (no file)
c:\users\notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe
AddRemove-Neverwinter - c:\games\Cryptic Studios\Uninstall Neverwinter.exe
AddRemove-Rainmeter - c:\program files\Rainmeter\uninst.exe
AddRemove-{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1 - c:\program files\GameforgeLive\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-20 08:29:43
ComboFix-quarantined-files.txt 2014-03-20 07:29
.
Před spuštěním: 87 888 457 728 bytes free
Po spuštění: 87 621 287 936 bytes free
.
- - End Of File - - 4A2736A2D17AE6FDEEBB006AA8FBA4FA
A36C5E4F47E84449FF07ED3517B43A31
# Updated 11/11/2013 by Xplode
# Username : notebook - NOTEBOOK-PC
# Operating System : Windows 7 Home Premium (32 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\32788R22FWJFW
Deleted : C:\AdwCleaner
Deleted : C:\Users\notebook\Desktop\RK_Quarantine
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\TDSSKiller.2.8.16.0_18.03.2014_21.07.47_log.txt
Deleted : C:\Users\notebook\Desktop\adwcleaner.exe
Deleted : C:\Users\notebook\Desktop\ComboFix.exe
Deleted : C:\Users\notebook\Desktop\JRT.exe
Deleted : C:\Users\notebook\Desktop\HiJackThis.lnk
Deleted : C:\Users\notebook\Desktop\HiJackThis.msi
Deleted : C:\Users\notebook\Desktop\RKreport[0]_D_03182014_210545.txt
Deleted : C:\Users\notebook\Desktop\RKreport[0]_S_03182014_210413.txt
Deleted : C:\Users\notebook\Desktop\RogueKiller.exe
Deleted : C:\Users\notebook\Desktop\TDSSKiller.exe
Deleted : C:\Users\notebook\Downloads\tdsskiller.zip
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
~ Cleaning system restore ...
Deleted : RP #114 [Scheduled Checkpoint | 03/16/2014 08:38:02]
Deleted : RP #115 [Installed HiJackThis | 03/16/2014 12:39:55]
New restore point created !
########## - EOF - ##########
---------------------------------------------------------
ComboFix 14-03-19.01 - notebook 20.03.2014 8:21.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1033.18.3034.1659 [GMT 1:00]
Spuštěný z: c:\users\notebook\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 07:27 . 2014-03-20 07:28 -------- d-----w- c:\users\notebook\AppData\Local\temp
2014-03-20 07:27 . 2014-03-20 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-19 13:00 . 2014-03-19 13:03 -------- d-----w- C:\WoW Cata 4.3.4 (Twinstar)
2014-03-19 09:40 . 2014-03-19 09:40 -------- d-----w- c:\users\notebook\AppData\Local\CrashDumps
2014-03-18 19:59 . 2014-03-18 19:59 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-03-18 18:13 . 2014-03-18 18:13 -------- d-----w- c:\windows\ERUNT
2014-03-17 10:08 . 2014-03-17 11:26 -------- d-----w- c:\users\notebook\AppData\Local\Adobe
2014-03-16 21:03 . 2014-03-17 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Audacity
2014-03-16 21:02 . 2014-03-16 21:03 -------- d-----w- c:\program files\Audacity
2014-03-16 20:34 . 2014-03-16 20:34 -------- d-----w- c:\users\notebook\AppData\Local\Skype
2014-03-16 20:33 . 2014-03-16 20:33 -------- d-----w- c:\program files\Common Files\Skype
2014-03-16 20:30 . 2014-03-20 07:01 -------- d-----w- C:\AdwCleaner
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\users\notebook\AppData\Roaming\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\programdata\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-16 20:08 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-16 12:40 . 2014-03-20 07:01 -------- d-----w- c:\program files\Trend Micro
2014-03-16 12:40 . 2014-03-16 12:40 388096 ----a-r- c:\users\notebook\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-09 17:53 . 2014-03-17 15:52 -------- d-----w- c:\users\notebook\AppData\Local\Spotify
2014-03-09 17:51 . 2014-03-18 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 17:40 . 2013-05-09 23:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 17:40 . 2013-05-09 23:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 16:41 . 2014-02-04 16:41 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-04 16:41 . 2014-02-04 16:41 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-04 16:41 . 2014-02-04 16:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-04 16:41 . 2014-02-04 16:41 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-04 16:41 . 2014-02-04 16:41 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-04 16:41 . 2014-02-04 16:41 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-04 16:41 . 2014-02-04 16:41 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-04 16:41 . 2014-02-04 16:41 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-04 16:41 . 2014-02-04 16:41 43152 ----a-w- c:\windows\avastSS.scr
2013-12-25 16:23 . 2013-12-25 16:24 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-11-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-04 16:41 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\notebook\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-26 802136]
"Akamai NetSession Interface"="c:\users\notebook\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Spotify Web Helper"="c:\users\notebook\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-03-09 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-04-19 3926128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 145904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 189936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-04 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 FAH-02;Folding Service 02;c:\program files\Folding@Home 01\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
R2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files\MyPublicWiFi\PublicWiFiService.exe [2011-12-02 597504]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AIDA32Driver;AIDA32Driver;c:\program files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 3584]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-04 64168]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [2013-12-27 64808]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [2013-12-27 477960]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-17 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-04 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-04 410784]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-02-22 26208]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-04 67824]
S2 FAH-01;Folding Service 01;c:\program files\Folding@Home 01\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-03-23 27760]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys [2012-10-31 55680]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 289792]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2012-04-25 91760]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-03-23 1830512]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-09 17:40]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 16:41]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 16:41]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 193.85.2.100 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{4B4D5056-3700-A76A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll
Toolbar-{4B4D5056-3700-A76A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll
WebBrowser-{4B4D5056-3700-A76A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll
HKCU-Run-AdobeBridge - (no file)
c:\users\notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe
AddRemove-Neverwinter - c:\games\Cryptic Studios\Uninstall Neverwinter.exe
AddRemove-Rainmeter - c:\program files\Rainmeter\uninst.exe
AddRemove-{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1 - c:\program files\GameforgeLive\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-20 08:29:43
ComboFix-quarantined-files.txt 2014-03-20 07:29
.
Před spuštěním: 87 888 457 728 bytes free
Po spuštění: 87 621 287 936 bytes free
.
- - End Of File - - 4A2736A2D17AE6FDEEBB006AA8FBA4FA
A36C5E4F47E84449FF07ED3517B43A31
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43113
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
TCP: DhcpNameServer = 193.85.2.100 8.8.8.8 --tu IP zunáš?
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Kód: Vybrat vše
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
TCP: DhcpNameServer = 193.85.2.100 8.8.8.8 --tu IP zunáš?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
- Level 1.5
- Příspěvky: 144
- Registrován: srpen 08
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:42, on 20.3.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\notebook\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\notebook\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\notebook\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MyPublicWiFi Service (MyPublicWiFiService) - Unknown owner - C:\Program Files\MyPublicWiFi\PublicWiFiService.exe
O23 - Service: MySQL56 - Unknown owner - C:/Program.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
--
End of file - 8440 bytes
----------------------------------------------
ComboFix 14-03-19.01 - notebook 20.03.2014 16:05:04.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1033.18.3034.2091 [GMT 1:00]
Spuštěný z: c:\users\notebook\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\notebook\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdate.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.22.5\goopdate.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_am.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ar.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_bg.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_bn.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ca.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_cs.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_da.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_de.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_el.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_en.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_es.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_et.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fa.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fil.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_gu.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hu.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_id.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_is.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_it.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_iw.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ja.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_kn.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ko.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_lt.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_lv.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ml.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_mr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ms.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_nl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_no.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ro.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ru.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sk.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sv.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sw.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ta.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_te.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_th.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_tr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_uk.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ur.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_vi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.22.5\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.22.5\psmachine.dll
c:\program files\Google\Update\1.3.22.5\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 15:11 . 2014-03-20 15:14 -------- d-----w- c:\users\notebook\AppData\Local\temp
2014-03-20 15:11 . 2014-03-20 15:11 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-20 15:11 . 2014-03-20 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-19 13:00 . 2014-03-19 13:03 -------- d-----w- C:\WoW Cata 4.3.4 (Twinstar)
2014-03-19 09:40 . 2014-03-19 09:40 -------- d-----w- c:\users\notebook\AppData\Local\CrashDumps
2014-03-18 19:59 . 2014-03-18 19:59 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-03-18 18:13 . 2014-03-18 18:13 -------- d-----w- c:\windows\ERUNT
2014-03-17 10:08 . 2014-03-17 11:26 -------- d-----w- c:\users\notebook\AppData\Local\Adobe
2014-03-16 21:03 . 2014-03-17 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Audacity
2014-03-16 21:02 . 2014-03-16 21:03 -------- d-----w- c:\program files\Audacity
2014-03-16 20:34 . 2014-03-16 20:34 -------- d-----w- c:\users\notebook\AppData\Local\Skype
2014-03-16 20:33 . 2014-03-16 20:33 -------- d-----w- c:\program files\Common Files\Skype
2014-03-16 20:30 . 2014-03-20 07:01 -------- d-----w- C:\AdwCleaner
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\users\notebook\AppData\Roaming\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\programdata\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-16 20:08 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-16 12:40 . 2014-03-20 07:01 -------- d-----w- c:\program files\Trend Micro
2014-03-16 12:40 . 2014-03-16 12:40 388096 ----a-r- c:\users\notebook\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-09 17:53 . 2014-03-17 15:52 -------- d-----w- c:\users\notebook\AppData\Local\Spotify
2014-03-09 17:51 . 2014-03-18 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 17:40 . 2013-05-09 23:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 17:40 . 2013-05-09 23:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 16:41 . 2014-02-04 16:41 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-04 16:41 . 2014-02-04 16:41 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-04 16:41 . 2014-02-04 16:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-04 16:41 . 2014-02-04 16:41 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-04 16:41 . 2014-02-04 16:41 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-04 16:41 . 2014-02-04 16:41 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-04 16:41 . 2014-02-04 16:41 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-04 16:41 . 2014-02-04 16:41 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-04 16:41 . 2014-02-04 16:41 43152 ----a-w- c:\windows\avastSS.scr
2013-12-25 16:23 . 2013-12-25 16:24 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-11-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-04 16:41 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\notebook\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-26 802136]
"Akamai NetSession Interface"="c:\users\notebook\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Spotify Web Helper"="c:\users\notebook\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-03-09 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-04-19 3926128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 145904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 189936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-04 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AIDA32Driver;AIDA32Driver;c:\program files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 3584]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [2013-12-27 64808]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [2013-12-27 477960]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-17 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-04 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-04 410784]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-02-22 26208]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-04 67824]
S2 FAH-01;Folding Service 01;c:\program files\Folding@Home 01\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 FAH-02;Folding Service 02;c:\program files\Folding@Home 01\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files\MyPublicWiFi\PublicWiFiService.exe [2011-12-02 597504]
S2 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-03-23 27760]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-04 64168]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys [2012-10-31 55680]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 289792]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2012-04-25 91760]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-03-23 1830512]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-09 17:40]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 193.85.1.100 8.8.8.8
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
c:\program files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2014-03-20 16:17:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-20 15:17
ComboFix2.txt 2014-03-20 07:29
.
Před spuštěním: 87 656 108 032 bytes free
Po spuštění: 87 243 526 144 bytes free
.
- - End Of File - - D251621C257B4F7C9CCE0AD7D4C61299
A36C5E4F47E84449FF07ED3517B43A31
Netuším co to je za IP.
Scan saved at 16:20:42, on 20.3.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\notebook\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\notebook\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\notebook\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MyPublicWiFi Service (MyPublicWiFiService) - Unknown owner - C:\Program Files\MyPublicWiFi\PublicWiFiService.exe
O23 - Service: MySQL56 - Unknown owner - C:/Program.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
--
End of file - 8440 bytes
----------------------------------------------
ComboFix 14-03-19.01 - notebook 20.03.2014 16:05:04.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1033.18.3034.2091 [GMT 1:00]
Spuštěný z: c:\users\notebook\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\notebook\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdate.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.22.5\goopdate.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_am.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ar.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_bg.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_bn.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ca.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_cs.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_da.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_de.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_el.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_en.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_es.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_et.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fa.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fil.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_gu.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hu.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_id.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_is.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_it.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_iw.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ja.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_kn.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ko.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_lt.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_lv.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ml.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_mr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ms.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_nl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_no.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ro.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ru.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sk.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sv.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sw.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ta.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_te.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_th.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_tr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_uk.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ur.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_vi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.22.5\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.22.5\psmachine.dll
c:\program files\Google\Update\1.3.22.5\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 15:11 . 2014-03-20 15:14 -------- d-----w- c:\users\notebook\AppData\Local\temp
2014-03-20 15:11 . 2014-03-20 15:11 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-20 15:11 . 2014-03-20 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-19 13:00 . 2014-03-19 13:03 -------- d-----w- C:\WoW Cata 4.3.4 (Twinstar)
2014-03-19 09:40 . 2014-03-19 09:40 -------- d-----w- c:\users\notebook\AppData\Local\CrashDumps
2014-03-18 19:59 . 2014-03-18 19:59 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-03-18 18:13 . 2014-03-18 18:13 -------- d-----w- c:\windows\ERUNT
2014-03-17 10:08 . 2014-03-17 11:26 -------- d-----w- c:\users\notebook\AppData\Local\Adobe
2014-03-16 21:03 . 2014-03-17 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Audacity
2014-03-16 21:02 . 2014-03-16 21:03 -------- d-----w- c:\program files\Audacity
2014-03-16 20:34 . 2014-03-16 20:34 -------- d-----w- c:\users\notebook\AppData\Local\Skype
2014-03-16 20:33 . 2014-03-16 20:33 -------- d-----w- c:\program files\Common Files\Skype
2014-03-16 20:30 . 2014-03-20 07:01 -------- d-----w- C:\AdwCleaner
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\users\notebook\AppData\Roaming\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\programdata\Malwarebytes
2014-03-16 20:08 . 2014-03-16 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-16 20:08 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-16 12:40 . 2014-03-20 07:01 -------- d-----w- c:\program files\Trend Micro
2014-03-16 12:40 . 2014-03-16 12:40 388096 ----a-r- c:\users\notebook\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-09 17:53 . 2014-03-17 15:52 -------- d-----w- c:\users\notebook\AppData\Local\Spotify
2014-03-09 17:51 . 2014-03-18 18:10 -------- d-----w- c:\users\notebook\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 17:40 . 2013-05-09 23:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 17:40 . 2013-05-09 23:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 16:41 . 2014-02-04 16:41 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-04 16:41 . 2014-02-04 16:41 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-04 16:41 . 2014-02-04 16:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-04 16:41 . 2014-02-04 16:41 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-04 16:41 . 2014-02-04 16:41 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-04 16:41 . 2014-02-04 16:41 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-04 16:41 . 2014-02-04 16:41 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-04 16:41 . 2014-02-04 16:41 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-04 16:41 . 2014-02-04 16:41 43152 ----a-w- c:\windows\avastSS.scr
2013-12-25 16:23 . 2013-12-25 16:24 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-11-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-04 16:41 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\notebook\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-26 802136]
"Akamai NetSession Interface"="c:\users\notebook\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Spotify Web Helper"="c:\users\notebook\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-03-09 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-04-19 3926128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 145904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 189936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-04 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AIDA32Driver;AIDA32Driver;c:\program files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 3584]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [2013-12-27 64808]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [2013-12-27 477960]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-17 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-04 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-04 410784]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-02-22 26208]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-04 67824]
S2 FAH-01;Folding Service 01;c:\program files\Folding@Home 01\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 FAH-02;Folding Service 02;c:\program files\Folding@Home 01\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files\MyPublicWiFi\PublicWiFiService.exe [2011-12-02 597504]
S2 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-03-23 27760]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-04 64168]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys [2012-10-31 55680]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 289792]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2012-04-25 91760]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-03-23 1830512]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-09 17:40]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 193.85.1.100 8.8.8.8
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
c:\program files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2014-03-20 16:17:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-20 15:17
ComboFix2.txt 2014-03-20 07:29
.
Před spuštěním: 87 656 108 032 bytes free
Po spuštění: 87 243 526 144 bytes free
.
- - End Of File - - D251621C257B4F7C9CCE0AD7D4C61299
A36C5E4F47E84449FF07ED3517B43A31
Netuším co to je za IP.
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43113
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\windows\system32\userinit.exe
c:\windows\System32\user32.dll
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Nebo na:
http://www.virscan.org/
Návod
Kód: Vybrat vše
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\notebook\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\windows\system32\userinit.exe
c:\windows\System32\user32.dll
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Nebo na:
http://www.virscan.org/
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
- Level 1.5
- Příspěvky: 144
- Registrován: srpen 08
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
https://www.virustotal.com/en/file/7784 ... 395345849/
https://www.virustotal.com/en/file/88cf ... 395345966/
Pomalu začínám zvažovat přeinstalování Windowsů. Internet se odpojuje přibližně ve 4 hodinových intervalech, nicméně někdy se stane, že v jednom ze 100 restartů vše funguje jak má klidně i týden v kuse, dokud ho zase nerestartuju (dávám ho většinou jenom hibernovat). Nechával jsem si to jako poslední možnost, protože tu mám 300GB dat do školy a práce a nad zálohováním bych strávil celý den, ale jak to tak vypadá, nebudu mít na výběr.
Zatím děkuji za vaši práci. Pokud jste ještě nevyčerpali všechny možnosti, tak budu dál dělat co je potřeba.
https://www.virustotal.com/en/file/88cf ... 395345966/
Pomalu začínám zvažovat přeinstalování Windowsů. Internet se odpojuje přibližně ve 4 hodinových intervalech, nicméně někdy se stane, že v jednom ze 100 restartů vše funguje jak má klidně i týden v kuse, dokud ho zase nerestartuju (dávám ho většinou jenom hibernovat). Nechával jsem si to jako poslední možnost, protože tu mám 300GB dat do školy a práce a nad zálohováním bych strávil celý den, ale jak to tak vypadá, nebudu mít na výběr.
Zatím děkuji za vaši práci. Pokud jste ještě nevyčerpali všechny možnosti, tak budu dál dělat co je potřeba.
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43113
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Může blbnout síť. karta.
Stáhni si MiniToolBox
a spusť ho.
V okně zaškrtni čtverečky:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Potom klikni na GO , po chvíli skenu se objeví log s názvem „Result“ , zkopíruj sem celý jeho obsah.
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Může blbnout síť. karta.
Stáhni si MiniToolBox
a spusť ho.
V okně zaškrtni čtverečky:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Potom klikni na GO , po chvíli skenu se objeví log s názvem „Result“ , zkopíruj sem celý jeho obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
- Level 1.5
- Příspěvky: 144
- Registrován: srpen 08
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
MiniToolBox by Farbar Version: 23-01-2014
Ran by notebook (administrator) on 21-03-2014 at 11:12:35
Running from "C:\Users\notebook\Downloads"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Atheros AR9485WB-EG Wireless Network Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 3 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled metric=100 nud=enabled
add address name="Wireless Network Connection 2" address=192.168.137.1
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : notebook-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-7E-D6-FB-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-FA-0A-53-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : FE-85-DE-A6-FB-B1
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 08-60-6E-94-03-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b921:a480:da17:73ff%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.155.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21. býezna 2014 10:58:00
Lease Expires . . . . . . . . . . : 22. býezna 2014 10:57:59
Default Gateway . . . . . . . . . : 192.168.155.1
DHCP Server . . . . . . . . . . . : 192.168.155.1
DHCPv6 IAID . . . . . . . . . . . : 403202158
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-1D-ED-DC-DC-85-DE-A6-FB-B1
DNS Servers . . . . . . . . . . . : 193.85.1.100
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9485WB-EG Wireless Network Adapter
Physical Address. . . . . . . . . : DC-85-DE-A6-FB-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : DC-85-DE-A6-FB-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6264CBB2-A10A-4596-ADAB-986EDDD7980F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2437:1df3:3f57:64f0(Preferred)
Link-local IPv6 Address . . . . . : fe80::2437:1df3:3f57:64f0%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{79C3A295-B505-4B25-9ED4-06B047A51E2A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{7ED6FB3D-841F-40B9-9826-05D843BC661C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable Microsoft 6To4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8CB443C1-724C-49ED-9783-1A1937A18B59}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{CF3FDC86-132F-4883-910C-74ABCB7FB1CC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{FA0A538E-2B56-4083-9D02-7B28850E5BCA}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rs1.gts.cz
Address: 193.85.1.100
Name: google.com
Addresses: 2a00:1450:4001:c02::65
173.194.70.100
173.194.70.138
173.194.70.102
173.194.70.139
173.194.70.113
173.194.70.101
Pinging google.com [173.194.70.138] with 32 bytes of data:
Reply from 173.194.70.138: bytes=32 time=15ms TTL=50
Reply from 173.194.70.138: bytes=32 time=15ms TTL=50
Ping statistics for 173.194.70.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 15ms, Average = 15ms
Server: rs1.gts.cz
Address: 193.85.1.100
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=187ms TTL=52
Reply from 98.139.183.24: bytes=32 time=132ms TTL=51
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 132ms, Maximum = 187ms, Average = 159ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...00 ff 7e d6 fb 3d ......TAP-Win32 Adapter V9
20...00 ff fa 0a 53 8e ......TAP-Win32 Adapter V9
16...fe 85 de a6 fb b1 ......Microsoft Virtual WiFi Miniport Adapter
15...08 60 6e 94 03 36 ......Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
13...dc 85 de a6 fb b1 ......Atheros AR9485WB-EG Wireless Network Adapter
12...dc 85 de a6 fb b0 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.155.1 192.168.155.15 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.155.0 255.255.255.0 On-link 192.168.155.15 276
192.168.155.15 255.255.255.255 On-link 192.168.155.15 276
192.168.155.255 255.255.255.255 On-link 192.168.155.15 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.155.15 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.155.15 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fd:2437:1df3:3f57:64f0/128
On-link
15 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::2437:1df3:3f57:64f0/128
On-link
15 276 fe80::b921:a480:da17:73ff/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
15 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\PrxerNsp.dll [56424] ()
Catalog9 01 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 02 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 03 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 04 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 60 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (03/21/2014 09:43:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: Darksiders2.exe, version: 0.0.0.0, time stamp: 0x50241afa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x53ff8b90
Faulting process id: 0x418
Faulting application start time: 0xDarksiders2.exe0
Faulting application path: Darksiders2.exe1
Faulting module path: Darksiders2.exe2
Report Id: Darksiders2.exe3
Error: (03/21/2014 07:41:13 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:12 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:11 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:10 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:09 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:08 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:07 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:06 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:05 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
System errors:
=============
Error: (03/21/2014 11:03:36 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 11:02:44 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 11:02:33 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 11:01:31 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 10:58:05 AM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error:
%%1275
Error: (03/21/2014 10:58:05 AM) (Source: Application Popup) (User: )
Description: Driver atksgt.sys has been blocked from loading.
Error: (03/21/2014 10:57:54 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:27:04 on ?21.?3.?2014 was unexpected.
Error: (03/21/2014 09:27:42 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 09:19:59 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 09:04:52 AM) (Source: ipnathlp) (User: )
Description: 0
Microsoft Office Sessions:
=========================
Error: (03/21/2014 09:43:01 AM) (Source: Application Error)(User: )
Description: Darksiders2.exe0.0.0.050241afaunknown0.0.0.000000000c000000553ff8b9041801cf44dd27dc6a04C:\Program Files\THQ\Darksiders II\Darksiders2.exeunknowncefb6989-b0d4-11e3-ba28-dc85dea6fbb0
Error: (03/21/2014 07:41:13 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:12 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:11 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:10 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:09 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:08 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:07 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:06 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:05 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
=========================== Installed Programs ============================
µTorrent (Version: 3.3.0.29126)
Adobe Flash Media Live Encoder 3.2 (Version: 3.2.0)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI - Czech (Version: 11.0.00)
Akamai NetSession Interface
AKVIS Coloriage (Version: 9.0.1044.9177)
Assassin's Creed (Version: 1.01)
Assassin's Creed Brotherhood (Version: 1.00)
Assassin's Creed II (Version: 1.00)
ASUS Smart Gesture (Version: 1.0.35)
ASUS Virtual Camera (Version: 1.0.25)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.15.16)
Audacity 2.0.5 (Version: 2.0.5)
avast! Free Antivirus (Version: 9.0.2013)
Battle.net
BitRaider Web Client (Version: 1.1.9.9)
CCleaner (Version: 4.11)
Darksiders II
Folding@Home Services (Version: 5.0.2.0)
Fraps (remove only)
Google Chrome (Version: 33.0.1750.154)
Google Update Helper (Version: 1.3.22.5)
Harry Potter a Princ Dvojí Krve™ (Version: 1.0.0.0)
Hearthstone
HiJackThis (Version: 1.0.0)
HMA! Pro VPN 2.8.3.1 (Version: 2.8.3.1)
IceChat 7.70 (Build 20101031) (Version: 7.70)
Intel(R) Management Engine Components (Version: 8.1.0.1252)
Intel(R) Processor Graphics (Version: 9.17.10.3062)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IPVanish (Version: 1.3.1.17)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.
KMP Media Toolbar (Version: 12.10.3.4602)
League of Legends (Version: 1.3)
LibreOffice 4.0.3.3 (Version: 4.0.3.3)
Machinima Studio (Version: 1.0.0)
Malwarebytes Anti-Malware verze 1.75.0.1300 (Version: 1.75.0.1300)
Marvel Heroes
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MP3 Cutter 1.9
Mumble 1.2.4 (Version: 1.2.4)
MyPublicWiFi 4.1
MySQL Installer (Version: 1.3.0.0)
MySQL Server 5.6 (Version: 5.6.12)
Notepad++ (Version: 6.4.5)
NVIDIA PhysX (Version: 9.12.1031)
Open Broadcaster Software
Opera 12.16 (Version: 12.16.1860)
Opera Stable 19.0.1326.59 (Version: 19.0.1326.59)
Pando Media Booster (Version: 2.6.0.9)
PDF Architect (Version: 1.1.83.9982)
PDF Settings CS6 (Version: 11.0)
PDFCreator (Version: 1.7.0)
Platform (Version: 1.39)
PowerISO (Version: 5.6)
PremiumSoft Navicat Lite 10.0
Proxifier version 3.15 (Version: 3.15)
Psi (remove only)
PunkBuster Services (Version: 0.990)
Qualcomm Atheros WiFi Driver Installation (Version: 3.0)
Skype™ 6.14 (Version: 6.14.104)
Spotify (Version: 0.9.7.16.g4b197456)
Star Wars The Old Republic (Version: 7.0.0.29)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
Subtitle Workshop 2.51
TeamSpeak 3 Client (Version: 3.0.13.1)
The KMPlayer (remove only) (Version: 3.6.0.87)
Titulky 1.0.1.beta (Version: 1.0.1.beta)
TmNationsForever
Total Commander (Remove or Repair) (Version: 8.01)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: 2.6.1f3_31223)
VIA Platforma Ovladače zařízení (Version: 1.39)
Windows Driver Package - ASUS (ATP) Mouse (10/13/2012 1.0.0.146) (Version: 10/13/2012 1.0.0.146)
Windows Media Player Firefox Plugin (Version: 1.0.0.
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Wireless Console 3 (Version: 3.0.30)
Wolf's Profi Miranda-Pack 1.5.0
World of Warcraft
World of Warcraft Public Test
XSplit (Version: 1.2.1303.0101)
========================= Memory info: ===================================
Percentage of memory in use: 47%
Total physical RAM: 3033.68 MB
Available physical RAM: 1596.18 MB
Total Pagefile: 6065.64 MB
Available Pagefile: 3896.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.85 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:589.09 GB) (Free:58.47 GB) NTFS
2 Drive d: () (Fixed) (Total:9 GB) (Free:8.04 GB) NTFS
========================= Users: ========================================
User accounts for \\NOTEBOOK-PC
Administrator Guest notebook
**** End of log ****
Ran by notebook (administrator) on 21-03-2014 at 11:12:35
Running from "C:\Users\notebook\Downloads"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Atheros AR9485WB-EG Wireless Network Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 3 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled metric=100 nud=enabled
add address name="Wireless Network Connection 2" address=192.168.137.1
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : notebook-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-7E-D6-FB-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-FA-0A-53-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : FE-85-DE-A6-FB-B1
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 08-60-6E-94-03-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b921:a480:da17:73ff%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.155.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21. býezna 2014 10:58:00
Lease Expires . . . . . . . . . . : 22. býezna 2014 10:57:59
Default Gateway . . . . . . . . . : 192.168.155.1
DHCP Server . . . . . . . . . . . : 192.168.155.1
DHCPv6 IAID . . . . . . . . . . . : 403202158
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-1D-ED-DC-DC-85-DE-A6-FB-B1
DNS Servers . . . . . . . . . . . : 193.85.1.100
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9485WB-EG Wireless Network Adapter
Physical Address. . . . . . . . . : DC-85-DE-A6-FB-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : DC-85-DE-A6-FB-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6264CBB2-A10A-4596-ADAB-986EDDD7980F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2437:1df3:3f57:64f0(Preferred)
Link-local IPv6 Address . . . . . : fe80::2437:1df3:3f57:64f0%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{79C3A295-B505-4B25-9ED4-06B047A51E2A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{7ED6FB3D-841F-40B9-9826-05D843BC661C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable Microsoft 6To4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8CB443C1-724C-49ED-9783-1A1937A18B59}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{CF3FDC86-132F-4883-910C-74ABCB7FB1CC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{FA0A538E-2B56-4083-9D02-7B28850E5BCA}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rs1.gts.cz
Address: 193.85.1.100
Name: google.com
Addresses: 2a00:1450:4001:c02::65
173.194.70.100
173.194.70.138
173.194.70.102
173.194.70.139
173.194.70.113
173.194.70.101
Pinging google.com [173.194.70.138] with 32 bytes of data:
Reply from 173.194.70.138: bytes=32 time=15ms TTL=50
Reply from 173.194.70.138: bytes=32 time=15ms TTL=50
Ping statistics for 173.194.70.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 15ms, Average = 15ms
Server: rs1.gts.cz
Address: 193.85.1.100
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=187ms TTL=52
Reply from 98.139.183.24: bytes=32 time=132ms TTL=51
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 132ms, Maximum = 187ms, Average = 159ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...00 ff 7e d6 fb 3d ......TAP-Win32 Adapter V9
20...00 ff fa 0a 53 8e ......TAP-Win32 Adapter V9
16...fe 85 de a6 fb b1 ......Microsoft Virtual WiFi Miniport Adapter
15...08 60 6e 94 03 36 ......Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
13...dc 85 de a6 fb b1 ......Atheros AR9485WB-EG Wireless Network Adapter
12...dc 85 de a6 fb b0 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.155.1 192.168.155.15 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.155.0 255.255.255.0 On-link 192.168.155.15 276
192.168.155.15 255.255.255.255 On-link 192.168.155.15 276
192.168.155.255 255.255.255.255 On-link 192.168.155.15 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.155.15 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.155.15 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fd:2437:1df3:3f57:64f0/128
On-link
15 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::2437:1df3:3f57:64f0/128
On-link
15 276 fe80::b921:a480:da17:73ff/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
15 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\PrxerNsp.dll [56424] ()
Catalog9 01 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 02 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 03 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 04 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\PrxerDrv.dll [70248] (Initex)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 60 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (03/21/2014 09:43:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: Darksiders2.exe, version: 0.0.0.0, time stamp: 0x50241afa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x53ff8b90
Faulting process id: 0x418
Faulting application start time: 0xDarksiders2.exe0
Faulting application path: Darksiders2.exe1
Faulting module path: Darksiders2.exe2
Report Id: Darksiders2.exe3
Error: (03/21/2014 07:41:13 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:12 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:11 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:10 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:09 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:08 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:07 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:06 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:05 AM) (Source: PublicWiFiService.exe) (User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
System errors:
=============
Error: (03/21/2014 11:03:36 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 11:02:44 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 11:02:33 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 11:01:31 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 10:58:05 AM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error:
%%1275
Error: (03/21/2014 10:58:05 AM) (Source: Application Popup) (User: )
Description: Driver atksgt.sys has been blocked from loading.
Error: (03/21/2014 10:57:54 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:27:04 on ?21.?3.?2014 was unexpected.
Error: (03/21/2014 09:27:42 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 09:19:59 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/21/2014 09:04:52 AM) (Source: ipnathlp) (User: )
Description: 0
Microsoft Office Sessions:
=========================
Error: (03/21/2014 09:43:01 AM) (Source: Application Error)(User: )
Description: Darksiders2.exe0.0.0.050241afaunknown0.0.0.000000000c000000553ff8b9041801cf44dd27dc6a04C:\Program Files\THQ\Darksiders II\Darksiders2.exeunknowncefb6989-b0d4-11e3-ba28-dc85dea6fbb0
Error: (03/21/2014 07:41:13 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:12 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:11 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:10 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:09 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:08 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:07 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:06 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
Error: (03/21/2014 07:41:05 AM) (Source: PublicWiFiService.exe)(User: )
Description: Windows-Socket-Fehler: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full (10055), auf API 'connect'
=========================== Installed Programs ============================
µTorrent (Version: 3.3.0.29126)
Adobe Flash Media Live Encoder 3.2 (Version: 3.2.0)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI - Czech (Version: 11.0.00)
Akamai NetSession Interface
AKVIS Coloriage (Version: 9.0.1044.9177)
Assassin's Creed (Version: 1.01)
Assassin's Creed Brotherhood (Version: 1.00)
Assassin's Creed II (Version: 1.00)
ASUS Smart Gesture (Version: 1.0.35)
ASUS Virtual Camera (Version: 1.0.25)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.15.16)
Audacity 2.0.5 (Version: 2.0.5)
avast! Free Antivirus (Version: 9.0.2013)
Battle.net
BitRaider Web Client (Version: 1.1.9.9)
CCleaner (Version: 4.11)
Darksiders II
Folding@Home Services (Version: 5.0.2.0)
Fraps (remove only)
Google Chrome (Version: 33.0.1750.154)
Google Update Helper (Version: 1.3.22.5)
Harry Potter a Princ Dvojí Krve™ (Version: 1.0.0.0)
Hearthstone
HiJackThis (Version: 1.0.0)
HMA! Pro VPN 2.8.3.1 (Version: 2.8.3.1)
IceChat 7.70 (Build 20101031) (Version: 7.70)
Intel(R) Management Engine Components (Version: 8.1.0.1252)
Intel(R) Processor Graphics (Version: 9.17.10.3062)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IPVanish (Version: 1.3.1.17)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.
KMP Media Toolbar (Version: 12.10.3.4602)
League of Legends (Version: 1.3)
LibreOffice 4.0.3.3 (Version: 4.0.3.3)
Machinima Studio (Version: 1.0.0)
Malwarebytes Anti-Malware verze 1.75.0.1300 (Version: 1.75.0.1300)
Marvel Heroes
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MP3 Cutter 1.9
Mumble 1.2.4 (Version: 1.2.4)
MyPublicWiFi 4.1
MySQL Installer (Version: 1.3.0.0)
MySQL Server 5.6 (Version: 5.6.12)
Notepad++ (Version: 6.4.5)
NVIDIA PhysX (Version: 9.12.1031)
Open Broadcaster Software
Opera 12.16 (Version: 12.16.1860)
Opera Stable 19.0.1326.59 (Version: 19.0.1326.59)
Pando Media Booster (Version: 2.6.0.9)
PDF Architect (Version: 1.1.83.9982)
PDF Settings CS6 (Version: 11.0)
PDFCreator (Version: 1.7.0)
Platform (Version: 1.39)
PowerISO (Version: 5.6)
PremiumSoft Navicat Lite 10.0
Proxifier version 3.15 (Version: 3.15)
Psi (remove only)
PunkBuster Services (Version: 0.990)
Qualcomm Atheros WiFi Driver Installation (Version: 3.0)
Skype™ 6.14 (Version: 6.14.104)
Spotify (Version: 0.9.7.16.g4b197456)
Star Wars The Old Republic (Version: 7.0.0.29)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
Subtitle Workshop 2.51
TeamSpeak 3 Client (Version: 3.0.13.1)
The KMPlayer (remove only) (Version: 3.6.0.87)
Titulky 1.0.1.beta (Version: 1.0.1.beta)
TmNationsForever
Total Commander (Remove or Repair) (Version: 8.01)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: 2.6.1f3_31223)
VIA Platforma Ovladače zařízení (Version: 1.39)
Windows Driver Package - ASUS (ATP) Mouse (10/13/2012 1.0.0.146) (Version: 10/13/2012 1.0.0.146)
Windows Media Player Firefox Plugin (Version: 1.0.0.
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Wireless Console 3 (Version: 3.0.30)
Wolf's Profi Miranda-Pack 1.5.0
World of Warcraft
World of Warcraft Public Test
XSplit (Version: 1.2.1303.0101)
========================= Memory info: ===================================
Percentage of memory in use: 47%
Total physical RAM: 3033.68 MB
Available physical RAM: 1596.18 MB
Total Pagefile: 6065.64 MB
Available Pagefile: 3896.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.85 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:589.09 GB) (Free:58.47 GB) NTFS
2 Drive d: () (Fixed) (Total:9 GB) (Free:8.04 GB) NTFS
========================= Users: ========================================
User accounts for \\NOTEBOOK-PC
Administrator Guest notebook
**** End of log ****
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43113
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o překontrolování
Spusť znovu MiniToolBox.
Zaškrtni čtverečky:
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Device * Only problem * No Driver *All
List Minidump Files
Potom klikni na GO , po chvíli skenu se objeví log s názvem „Result“ , zkopíruj sem celý jeho obsah.
Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
Zaškrtni čtverečky:
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Device * Only problem * No Driver *All
List Minidump Files
Potom klikni na GO , po chvíli skenu se objeví log s názvem „Result“ , zkopíruj sem celý jeho obsah.
Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
Error: (03/21/2014 09:43:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: Darksiders2.exe, version: 0.0.0.0, time stamp: 0x50241afa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x53ff8b90
Faulting process id: 0x418
Faulting application start time: 0xDarksiders2.exe0
Faulting application path: Darksiders2.exe1
Faulting module path: Darksiders2.exe2
Report Id: Darksiders2.exe3
Error: (03/21/2014 09:19:59 AM) (Source: ipnathlp) (User: )
Description: 0
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 9 hostů