Re: Please check my log
Posted: 03 Sep 2017 10:04
RogueKiller
By mistake I didn't select everything the first time, so I had to run it twice, but I can't find the second log. I'm sending the first one.
RogueKiller V12.11.11.0 [Aug 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : AutoCont [Práva správce]
Started from : C:\Users\AutoCont\Desktop\RogueKiller_portable32.exe
Mód : Smazat -- Datum : 08/31/2017 10:05:10 (Duration : 00:49:45)
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Nevybráno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://cs.intl.acer.yahoo.com -> Nevybráno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://cs.intl.acer.yahoo.com -> Nevybráno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 1.1.1.1 8.8.8.8 ([AU][-]) -> Nevybráno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{761BB808-11F2-4392-99B7-FB3EB6061B91} | DhcpNameServer : 1.1.1.1 8.8.8.8 ([AU][-]) -> Nevybráno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
¤¤¤ Úlohy : 13 ¤¤¤
[Hj.Shortcut] \{07D881D8-8A27-40B9-A481-1F139FB6D3A2} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno
[Hj.Shortcut] \{2E56DB05-4F10-48A5-A52D-0BFBD3D8C803} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno
[Hj.Shortcut] \{4DB01043-59F8-4D96-BEFF-8FC64E1B1612} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.5.0.124.259/ ... d;disabled) -> Smazáno
[Hj.Shortcut] \{6A20AAD2-E913-4A7B-9BAE-7C171F2652C8} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.2.0.152/cs/g ... Error=1603) -> Smazáno
[Hj.Shortcut] \{79958A69-40F6-470A-BD9A-85338E5EEC4D} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.5.0.124.259/ ... tinstaller) -> Smazáno
[Hj.Shortcut] \{7ED6081A-6D80-4039-9103-7DBFC11E8594} -- "c:\program files\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.6.73.106.456 ... age=tsMain) -> Smazáno
[Hj.Shortcut] \{8ECF6882-00E9-4618-A30C-40A0A3FDE870} -- "c:\program files\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.6.73.106.456 ... age=tsBing) -> Smazáno
[Hj.Shortcut] \{A1B58029-39D0-4FF3-8B9D-C7B0EDB520E8} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.3.0.120.259/ ... adedefault) -> Smazáno
[Hj.Shortcut] \{AA53ACC2-D2DC-4975-A873-706F41FAC45C} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.17.0.105.259 ... age=tsMain) -> Smazáno
[Hj.Shortcut] \{AE6B3FBF-65AA-420F-914A-76076E9C7C85} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.1.0.104.259/ ... velpresent) -> Smazáno
[Hj.Shortcut] \{AEAAA158-B2C6-4184-9941-8AF1C1BB4284} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.3.0.120.259/ ... velpresent) -> Smazáno
[Hj.Shortcut] \{FAFFE941-5D00-415A-866E-777D5044BE5D} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno
[Hj.Shortcut] \{FE5CE28F-3B65-4C0B-8C4E-06834AD18F87} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 ATA Device +++++
--- User ---
[MBR] 41bac060d3705df50b7223d14d939549
[BSP] a6fd32d9d93473571153e9846cd9a1ca : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 11993 MB
1 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 24563712 | Size: 70424 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 168792064 | Size: 70208 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Zoek
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by AutoCont on pá 01.09.2017 at 23:38:27,90.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\AutoCont\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2017-08-31-205200.log 1255 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\Alwil Software deleted successfully
C:\Program Files\Fotolab deleted successfully
C:\Program Files\JetAudio deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\TiskProRadost deleted successfully
C:\Program Files\Yahoo! deleted successfully
C:\Program Files\Common Files\Nero deleted successfully
C:\Program Files\Common Files\Steam deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\PROGRA~2\BlazeVideo deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\SSScanAppDataDir deleted successfully
C:\PROGRA~2\WLInstaller deleted successfully
C:\Users\AutoCont\AppData\Roaming\COWON deleted successfully
C:\Users\AutoCont\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\AutoCont\AppData\Roaming\Yahoo! deleted successfully
C:\Users\AutoCont\AppData\Local\MakeDisc deleted successfully
C:\Users\AutoCont\AppData\Local\MicroVision Applications deleted successfully
C:\Users\AutoCont\AppData\Local\Skype deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\prefs.js:
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\prefs.js:
Deleted from C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default\prefs.js:
Added to C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_02.09.2017_0010_.backup
ProfilePath: C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_02.09.2017_0010_.backup
==== Deleting Files \ Folders ======================
C:\Program Files\Alwil Software not found
C:\Program Files\Fotolab not found
C:\Program Files\JetAudio not found
C:\Program Files\TiskProRadost not found
C:\Program Files\Yahoo! not found
C:\Program Files\Windows Live SkyDrive deleted
C:\Program Files\GUM4AB5.tmp deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\AppData\Local\AVAST Software deleted
C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\Invalidprefs.js deleted
C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\GoogleToolbarData deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [09.08.2012 21:15]
ComboFix
ComboFix 17-09-01.01 - AutoCont 01.09.2017 23:10:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.238 [GMT 2:00]
Spuštěný z: c:\users\AutoCont\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\AutoCont\AppData\Roaming\.#
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F2990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F29C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F29F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D02990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D029C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D029F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B52990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B529C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B529F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB2990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB29C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB29F0.###
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Recent\FastStone Image Viewer (2).url
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Recent\FastStone Image Viewer.url
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-08-01 do 2017-09-01 )))))))))))))))))))))))))))))))
.
.
2017-09-01 21:28 . 2017-09-01 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-09-01 20:58 . 2017-09-01 20:58 -------- d-----w- c:\programdata\SWCUTemp
2017-08-31 20:52 . 2017-08-31 20:52 -------- dc----w- C:\$AV_ASW
2017-08-31 20:48 . 2017-08-31 20:48 -------- dc----w- C:\zoek_backup
2017-08-31 07:33 . 2017-08-26 06:49 84928 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2017-08-28 13:12 . 2017-08-31 19:50 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-28 13:06 . 2017-08-28 14:33 -------- d-----w- c:\programdata\RogueKiller
2017-08-28 06:25 . 2017-08-28 06:25 -------- d-----w- c:\programdata\Sophos
2017-08-28 06:23 . 2017-08-28 06:23 -------- d-----w- c:\program files\Sophos
2017-08-26 06:48 . 2017-08-26 22:29 -------- dc----w- C:\AdwCleaner
2017-08-22 22:27 . 2017-08-22 22:27 -------- dc----w- C:\My PDF
2017-08-22 22:27 . 2017-08-22 22:27 -------- d-----w- c:\program files\Weeny Free Word to PDF Converter
2017-08-21 20:06 . 2013-11-12 10:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-08-21 17:16 . 2017-08-21 17:16 -------- d-----w- c:\users\Public\CyberLink
2017-08-21 17:15 . 2017-08-21 17:15 -------- d-----w- c:\users\AutoCont\Tracing
2017-08-21 17:12 . 2017-08-21 17:12 -------- d-----w- c:\program files\Common Files\Skype
2017-08-21 16:36 . 2017-08-21 15:22 303280 ----a-w- c:\windows\system32\aswBoot.exe
2017-08-21 16:13 . 2015-07-18 13:14 11616 ----a-w- c:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-08-21 15:59 . 2017-08-21 15:59 -------- d-----w- c:\windows\system32\config\systemprofile\{f871cebf-10d6-4121-aa88-b4d98fc12971}
2017-08-21 15:50 . 2017-08-21 15:50 -------- dc----w- C:\0b0ff799c201f75fe3cc72ff
2017-08-21 15:48 . 2017-08-21 15:48 -------- d-----w- c:\programdata\Package Cache
2017-08-21 15:35 . 2017-08-21 15:35 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-08-21 15:32 . 2017-08-21 15:32 -------- d-----w- c:\users\AutoCont\AppData\Local\CEF
2017-08-21 15:28 . 2017-08-21 15:25 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-08-21 15:28 . 2017-08-21 15:25 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-08-21 15:28 . 2017-08-21 15:25 296312 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-08-21 15:28 . 2017-08-21 17:44 123928 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-08-21 15:28 . 2017-08-21 15:25 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-08-21 15:28 . 2017-08-21 15:25 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-08-21 15:28 . 2017-08-21 17:44 774320 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2017-08-21 15:28 . 2017-08-21 15:25 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-08-21 15:28 . 2017-08-21 15:19 50384 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-08-21 15:28 . 2017-08-21 15:19 276736 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-08-21 15:28 . 2017-08-21 15:19 157416 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-08-21 15:28 . 2017-08-21 15:19 267008 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-08-21 15:27 . 2017-08-21 15:23 921280 ----a-w- c:\windows\ucrtbase.dll
2017-08-21 15:12 . 2017-08-21 15:35 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-08 13:11 . 2012-05-12 10:04 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-08-08 13:11 . 2011-07-12 19:26 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-10 19:44 . 2014-01-11 16:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-08-21 15:22 1210312 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2017-05-05 27716568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-08-21 213832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-4-19 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2588390014-3003545289-3532412750-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-14 10:42 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000Core.job
- c:\users\AutoCont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-16 11:01]
.
2017-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000UA.job
- c:\users\AutoCont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-16 11:01]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 12:09]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 1.1.1.1 8.8.8.8
FF - ProfilePath - c:\users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-4StoryPrePatch - f:\program files\Gameforge4D\4Story_CZ\PrePatch.exe
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk - f:\verbatim green button\GREEN BUTTON.exe /a
SafeBoot-MBAMService
AddRemove-4Story_CZ_is1 - f:\program files\Gameforge4D\4Story_CZ\unins000.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-Verbatim GREEN BUTTON_is1 - f:\verbatim green button\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-09-01 23:29
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithProgids]
"TĘŰ_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\.*,%p]
@Allowed: (Read) (RestrictedCode)
@="TĘŰ_auto_file"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell]
@="Play"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Open \"%L\" "
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
"MUIVerb"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9991"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Play \"%L\" "
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2017-09-01 23:33:46
ComboFix-quarantined-files.txt 2017-09-01 21:33
.
Před spuštěním: 4 254 986 240
Po spuštění: 4 123 275 264
.
- - End Of File - - 6346E9C986EF7C39F324965D04E3EFF0
A863475757CC50891AA8458C415E4B25
Omylem jsem neoznačil napoprvé všechno, tak jsem to musel pustit dvakrát ale druhý log nemůžu najít. Posílám ten první.
RogueKiller V12.11.11.0 [Aug 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : AutoCont [Práva správce]
Started from : C:\Users\AutoCont\Desktop\RogueKiller_portable32.exe
Mód : Smazat -- Datum : 08/31/2017 10:05:10 (Duration : 00:49:45)
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Nevybráno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://cs.intl.acer.yahoo.com -> Nevybráno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://cs.intl.acer.yahoo.com -> Nevybráno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 1.1.1.1 8.8.8.8 ([AU][-]) -> Nevybráno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{761BB808-11F2-4392-99B7-FB3EB6061B91} | DhcpNameServer : 1.1.1.1 8.8.8.8 ([AU][-]) -> Nevybráno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Deleted
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Deleted
¤¤¤ Tasks : 13 ¤¤¤
[Hj.Shortcut] \{07D881D8-8A27-40B9-A481-1F139FB6D3A2} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Deleted
[Hj.Shortcut] \{2E56DB05-4F10-48A5-A52D-0BFBD3D8C803} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Deleted
[Hj.Shortcut] \{4DB01043-59F8-4D96-BEFF-8FC64E1B1612} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.5.0.124.259/ ... d;disabled) -> Deleted
[Hj.Shortcut] \{6A20AAD2-E913-4A7B-9BAE-7C171F2652C8} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.2.0.152/cs/g ... Error=1603) -> Deleted
[Hj.Shortcut] \{79958A69-40F6-470A-BD9A-85338E5EEC4D} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.5.0.124.259/ ... tinstaller) -> Deleted
[Hj.Shortcut] \{7ED6081A-6D80-4039-9103-7DBFC11E8594} -- "c:\program files\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.6.73.106.456 ... age=tsMain) -> Deleted
[Hj.Shortcut] \{8ECF6882-00E9-4618-A30C-40A0A3FDE870} -- "c:\program files\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.6.73.106.456 ... age=tsBing) -> Deleted
[Hj.Shortcut] \{A1B58029-39D0-4FF3-8B9D-C7B0EDB520E8} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.3.0.120.259/ ... adedefault) -> Deleted
[Hj.Shortcut] \{AA53ACC2-D2DC-4975-A873-706F41FAC45C} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.17.0.105.259 ... age=tsMain) -> Deleted
[Hj.Shortcut] \{AE6B3FBF-65AA-420F-914A-76076E9C7C85} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.1.0.104.259/ ... velpresent) -> Deleted
[Hj.Shortcut] \{AEAAA158-B2C6-4184-9941-8AF1C1BB4284} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.3.0.120.259/ ... velpresent) -> Deleted
[Hj.Shortcut] \{FAFFE941-5D00-415A-866E-777D5044BE5D} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Deleted
[Hj.Shortcut] \{FE5CE28F-3B65-4C0B-8C4E-06834AD18F87} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Deleted
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ HOSTS file : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 ATA Device +++++
--- User ---
[MBR] 41bac060d3705df50b7223d14d939549
[BSP] a6fd32d9d93473571153e9846cd9a1ca : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 11993 MB
1 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 24563712 | Size: 70424 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 168792064 | Size: 70208 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Zoek
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by AutoCont on Fri 01.09.2017 at 23:38:27,90.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\AutoCont\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2017-08-31-205200.log 1255 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\Alwil Software deleted successfully
C:\Program Files\Fotolab deleted successfully
C:\Program Files\JetAudio deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\TiskProRadost deleted successfully
C:\Program Files\Yahoo! deleted successfully
C:\Program Files\Common Files\Nero deleted successfully
C:\Program Files\Common Files\Steam deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\PROGRA~2\BlazeVideo deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\SSScanAppDataDir deleted successfully
C:\PROGRA~2\WLInstaller deleted successfully
C:\Users\AutoCont\AppData\Roaming\COWON deleted successfully
C:\Users\AutoCont\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\AutoCont\AppData\Roaming\Yahoo! deleted successfully
C:\Users\AutoCont\AppData\Local\MakeDisc deleted successfully
C:\Users\AutoCont\AppData\Local\MicroVision Applications deleted successfully
C:\Users\AutoCont\AppData\Local\Skype deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\prefs.js:
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\prefs.js:
Deleted from C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default\prefs.js:
Added to C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_02.09.2017_0010_.backup
ProfilePath: C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_02.09.2017_0010_.backup
==== Deleting Files \ Folders ======================
C:\Program Files\Alwil Software not found
C:\Program Files\Fotolab not found
C:\Program Files\JetAudio not found
C:\Program Files\TiskProRadost not found
C:\Program Files\Yahoo! not found
C:\Program Files\Windows Live SkyDrive deleted
C:\Program Files\GUM4AB5.tmp deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\AppData\Local\AVAST Software deleted
C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\Invalidprefs.js deleted
C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\GoogleToolbarData deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [09.08.2012 21:15]
ComboFix
ComboFix 17-09-01.01 - AutoCont 01.09.2017 23:10:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.238 [GMT 2:00]
Launched from: c:\users\AutoCont\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\AutoCont\AppData\Roaming\.#
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F2990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F29C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F29F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D02990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D029C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D029F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B52990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B529C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B529F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB2990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB29C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB29F0.###
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Recent\FastStone Image Viewer (2).url
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Recent\FastStone Image Viewer.url
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((((( Files created from 2017-08-01 to 2017-09-01 )))))))))))))))))))))))))))))))
.
.
2017-09-01 21:28 . 2017-09-01 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-09-01 20:58 . 2017-09-01 20:58 -------- d-----w- c:\programdata\SWCUTemp
2017-08-31 20:52 . 2017-08-31 20:52 -------- dc----w- C:\$AV_ASW
2017-08-31 20:48 . 2017-08-31 20:48 -------- dc----w- C:\zoek_backup
2017-08-31 07:33 . 2017-08-26 06:49 84928 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2017-08-28 13:12 . 2017-08-31 19:50 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-28 13:06 . 2017-08-28 14:33 -------- d-----w- c:\programdata\RogueKiller
2017-08-28 06:25 . 2017-08-28 06:25 -------- d-----w- c:\programdata\Sophos
2017-08-28 06:23 . 2017-08-28 06:23 -------- d-----w- c:\program files\Sophos
2017-08-26 06:48 . 2017-08-26 22:29 -------- dc----w- C:\AdwCleaner
2017-08-22 22:27 . 2017-08-22 22:27 -------- dc----w- C:\My PDF
2017-08-22 22:27 . 2017-08-22 22:27 -------- d-----w- c:\program files\Weeny Free Word to PDF Converter
2017-08-21 20:06 . 2013-11-12 10:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-08-21 17:16 . 2017-08-21 17:16 -------- d-----w- c:\users\Public\CyberLink
2017-08-21 17:15 . 2017-08-21 17:15 -------- d-----w- c:\users\AutoCont\Tracing
2017-08-21 17:12 . 2017-08-21 17:12 -------- d-----w- c:\program files\Common Files\Skype
2017-08-21 16:36 . 2017-08-21 15:22 303280 ----a-w- c:\windows\system32\aswBoot.exe
2017-08-21 16:13 . 2015-07-18 13:14 11616 ----a-w- c:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-08-21 15:59 . 2017-08-21 15:59 -------- d-----w- c:\windows\system32\config\systemprofile\{f871cebf-10d6-4121-aa88-b4d98fc12971}
2017-08-21 15:50 . 2017-08-21 15:50 -------- dc----w- C:\0b0ff799c201f75fe3cc72ff
2017-08-21 15:48 . 2017-08-21 15:48 -------- d-----w- c:\programdata\Package Cache
2017-08-21 15:35 . 2017-08-21 15:35 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-08-21 15:32 . 2017-08-21 15:32 -------- d-----w- c:\users\AutoCont\AppData\Local\CEF
2017-08-21 15:28 . 2017-08-21 15:25 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-08-21 15:28 . 2017-08-21 15:25 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-08-21 15:28 . 2017-08-21 15:25 296312 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-08-21 15:28 . 2017-08-21 17:44 123928 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-08-21 15:28 . 2017-08-21 15:25 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-08-21 15:28 . 2017-08-21 15:25 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-08-21 15:28 . 2017-08-21 17:44 774320 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2017-08-21 15:28 . 2017-08-21 15:25 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-08-21 15:28 . 2017-08-21 15:19 50384 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-08-21 15:28 . 2017-08-21 15:19 276736 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-08-21 15:28 . 2017-08-21 15:19 157416 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-08-21 15:28 . 2017-08-21 15:19 267008 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-08-21 15:27 . 2017-08-21 15:23 921280 ----a-w- c:\windows\ucrtbase.dll
2017-08-21 15:12 . 2017-08-21 15:35 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M listing ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-08 13:11 . 2012-05-12 10:04 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-08-08 13:11 . 2011-07-12 19:26 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-10 19:44 . 2014-01-11 16:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-08-21 15:22 1210312 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2017-05-05 27716568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-08-21 213832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-4-19 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2588390014-3003545289-3532412750-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-14 10:42 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000Core.job
- c:\users\AutoCont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-16 11:01]
.
2017-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000UA.job
- c:\users\AutoCont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-16 11:01]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 12:09]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 1.1.1.1 8.8.8.8
FF - ProfilePath - c:\users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - INVALID ENTRIES REMOVED FROM REGISTRY - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-4StoryPrePatch - f:\program files\Gameforge4D\4Story_CZ\PrePatch.exe
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk - f:\verbatim green button\GREEN BUTTON.exe /a
SafeBoot-MBAMService
AddRemove-4Story_CZ_is1 - f:\program files\Gameforge4D\4Story_CZ\unins000.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-Verbatim GREEN BUTTON_is1 - f:\verbatim green button\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-09-01 23:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithProgids]
"TĘŰ_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\.*,%p]
@Allowed: (Read) (RestrictedCode)
@="TĘŰ_auto_file"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell]
@="Play"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Open \"%L\" "
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
"MUIVerb"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9991"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Play \"%L\" "
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2017-09-01 23:33:46
ComboFix-quarantined-files.txt 2017-09-01 21:33
.
Pre-Run: 4 254 986 240
Post-Run: 4 123 275 264
.
- - End Of File - - 6346E9C986EF7C39F324965D04E3EFF0
A863475757CC50891AA8458C415E4B25
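The two [Tr.Gen0] entries RogueKiller removed above are Windows Firewall rules stored under FirewallPolicy\FirewallRules in the "v2.0|Action=Allow|Active=TRUE|Dir=In|...|App=<path>|" value format, both allowing inbound TCP and UDP to a winbox.exe sitting in a Downloads folder inside the user's profile. Rules named "TCP Query User{GUID}<path>" are the ones Windows creates when someone clicks Allow on the firewall prompt. The following Python is an added example, not part of the original post and not code from RogueKiller or any other tool shown here: it parses that registry value format and flags active inbound Allow rules whose App lives under a user-writable path. The sample rule strings are constructed to mirror the log's entries (two controls that must not be flagged are hypothetical), and treating C:\Users and C:\ProgramData as "user-writable" is a triage heuristic, not a claim about any specific ACL.

```python
"""Triage of Windows Firewall rule strings from
HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules.

Added example, not taken from the original post or from any of the tools whose logs it shows.
"""
import re
from dataclasses import dataclass

# Constructed sample values in the format shown in the RogueKiller log.
# The two winbox.exe strings mirror the log; the other two are hypothetical
# controls that the triage must NOT flag.
WINBOX = r"C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe"
SAMPLE_RULES = {
    "TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}" + WINBOX:
        "v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App="
        + WINBOX + "|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE|",
    "UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}" + WINBOX:
        "v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App="
        + WINBOX + "|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE|",
    # hypothetical built-in style rule with no App field: not a user binary
    "CoreNet-ICMP6-LR2-In":
        "v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Name=Core Networking|Edge=FALSE|",
    # hypothetical outbound allow for a per-user binary: not an inbound exposure
    "Hypothetical-Out":
        "v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App="
        r"C:\users\autocont\appdata\local\tool\tool.exe|Name=tool|Edge=FALSE|",
}

PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Heuristic (assumption): locations a standard user can normally write to. An inbound
# Allow for a binary here means a user, or something running as the user, opened a listener.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class FirewallRule:
    name: str
    version: str
    fields: dict  # key -> value; a repeated key (e.g. RA4, LPort2_10) keeps its last value


def parse_rule(name: str, value: str) -> FirewallRule:
    """Split 'v2.0|Key=Value|...|' into its version token and key/value fields."""
    tokens = [t for t in value.split("|") if t]  # trailing '|' yields an empty token
    if not tokens or not tokens[0].startswith("v"):
        raise ValueError(f"not a FirewallRules value: {value!r}")
    fields = {}
    for tok in tokens[1:]:
        key, sep, val = tok.partition("=")
        if not sep:
            raise ValueError(f"malformed field {tok!r} in rule {name!r}")
        fields[key] = val
    return FirewallRule(name, tokens[0], fields)


def protocol_name(num: str) -> str:
    """Map the numeric Protocol field to a name; unknown numbers stay numeric."""
    return PROTOCOLS.get(num, f"proto/{num}")


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def is_query_user_rule(name: str) -> bool:
    """Rules created from the firewall 'Allow access' prompt are named
    '<TCP|UDP> Query User{GUID}<app path>'."""
    return re.match(r"^(TCP|UDP) Query User\{[0-9A-Fa-f-]{36}\}", name) is not None


def triage(rules: dict) -> list:
    """Return one finding per active inbound Allow rule whose App is in a user-writable path."""
    findings = []
    for name, value in rules.items():
        f = parse_rule(name, value).fields
        if f.get("Action") != "Allow" or f.get("Active") != "TRUE" or f.get("Dir") != "In":
            continue
        app = f.get("App", "")
        if not app or not is_user_writable(app):
            continue
        findings.append({
            "rule": name,
            "protocol": protocol_name(f.get("Protocol", "")),
            "profile": f.get("Profile", ""),
            "app": app,
            "from_prompt": is_query_user_rule(name),
        })
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_RULES):
        print(f"[inbound allow] {hit['protocol']:<6} {hit['profile']:<8} "
              f"prompt={hit['from_prompt']} app={hit['app']}")
```

On a live system the same function can be fed the values read from the FirewallRules key (for example via the registry module or a `reg export`); the point of the heuristic is that an inbound allow for a binary in Downloads, AppData or ProgramData deserves a look even when the rule itself looks like an ordinary user click on the prompt, which is exactly what the two winbox.exe entries are.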