Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

Uhernaut
Level 1
Posts: 89
Registered: October 15
Gender: Male

Re: Please check my log

Post by Uhernaut » 13 Sep 2017 22:27

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.9.13
Operating System : Windows 7 64-bit
Processor : 2X Intel(R) Celeron(R) CPU B830 @ 1.80GHz
BIOS Mode : Legacy
CUID : 1252C031A12E025660FA98
Scan Type : Skenování systému
Duration : 40m 1s
Scanned Objects : 52948
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Nebyly zjištěny žádné hrozby


MB MSI B250M Gaming Pro, CPU Intel Core i5-7500 3.4 GHz, RAM Kingston 2x4GB 2133MHz, VGA MSI GeForce GTX 1050 Ti, SSD 120 GB, HDD 1 TB 7200 rpm, CPU cooler SilentiumPC Spartan 3 Pro, PSU Corsair VS650, case AeroCool V3X

Uhernaut
Level 1
Posts: 89
Registered: October 15
Gender: Male

Re: Please check my log

Post by Uhernaut » 13 Sep 2017 22:27

ComboFix 17-09-01.01 - Alča 13.09.2017 19:59:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1932.859 [GMT 2:00]
Spuštěný z: c:\users\AlŔa\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-08-13 do 2017-09-13 )))))))))))))))))))))))))))))))
.
.
2017-09-13 18:58 . 2017-09-13 18:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-09-13 18:58 . 2017-09-13 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-09-13 18:04 . 2017-09-13 18:04 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1448DA7-5130-416F-8B73-C0645F2765B8}\offreg.2872.dll
2017-09-13 14:36 . 2017-09-13 14:36 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1448DA7-5130-416F-8B73-C0645F2765B8}\offreg.872.dll
2017-09-13 13:47 . 2017-09-13 13:47 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-09-13 13:47 . 2017-09-13 13:47 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-09-13 13:47 . 2017-09-13 13:48 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-09-13 13:47 . 2017-09-13 13:47 -------- d-----w- c:\users\Alča\AppData\Local\Zemana
2017-09-13 13:19 . 2017-09-13 13:19 -------- d-----w- C:\OneDriveTemp
2017-09-12 20:46 . 2017-09-12 20:07 24064 ----a-w- c:\windows\zoek-delete.exe
2017-09-12 20:45 . 2017-09-13 18:58 -------- d-----w- c:\users\Alča\AppData\Local\Temp
2017-09-12 20:41 . 2017-08-13 18:58 25730560 ----a-w- c:\windows\system32\mshtml.dll
2017-09-12 20:41 . 2017-08-15 14:06 15260160 ----a-w- c:\windows\system32\ieframe.dll
2017-09-12 20:41 . 2017-08-13 16:51 5981696 ----a-w- c:\windows\system32\jscript9.dll
2017-09-12 20:41 . 2017-08-13 15:48 4547072 ----a-w- c:\windows\SysWow64\jscript9.dll
2017-09-12 20:41 . 2017-08-13 15:40 3241472 ----a-w- c:\windows\system32\wininet.dll
2017-09-12 20:41 . 2017-08-13 15:17 2767872 ----a-w- c:\windows\SysWow64\wininet.dll
2017-09-12 20:41 . 2017-08-13 17:04 2899968 ----a-w- c:\windows\system32\iertutil.dll
2017-09-12 20:33 . 2017-08-13 16:27 13482976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1448DA7-5130-416F-8B73-C0645F2765B8}\mpengine.dll
2017-09-12 20:07 . 2017-09-12 20:40 -------- d-----w- C:\zoek_backup
2017-09-09 13:29 . 2017-09-10 17:17 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-09-09 13:29 . 2017-09-09 13:57 -------- d-----w- c:\programdata\RogueKiller
2017-09-09 13:28 . 2017-09-09 13:29 -------- d-----w- c:\program files\RogueKiller
2017-09-08 08:59 . 2017-09-08 08:59 192960 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-09-08 08:58 . 2017-09-13 16:54 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-09-08 08:58 . 2017-09-13 14:51 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-09-08 08:57 . 2017-09-13 14:51 253888 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-09-08 08:56 . 2017-08-24 09:27 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-09-08 08:55 . 2017-09-08 08:55 -------- d-----w- c:\programdata\Malwarebytes
2017-09-08 08:55 . 2017-09-08 08:55 -------- d-----w- c:\program files\Malwarebytes
2017-09-08 08:41 . 2017-09-09 12:32 -------- d-----w- C:\AdwCleaner
2017-09-08 08:19 . 2017-09-08 08:19 -------- d-----w- c:\users\Alča\AppData\Local\Adobe
2017-09-07 20:04 . 2017-09-07 20:05 -------- d-----w- C:\cbc24c6807830c9c66e3d79e
2017-09-07 18:26 . 2017-09-07 18:28 -------- d-----w- C:\027043649d5d086311db8f
2017-09-05 19:03 . 2017-09-05 19:03 17407232 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2017-09-01 19:01 . 2017-09-01 19:01 -------- d-----w- c:\users\Alča\AppData\Roaming\Google
2017-08-24 04:25 . 2017-08-24 04:25 1591008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-13 14:13 . 2014-07-16 21:59 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-08-11 06:35 . 2017-09-12 20:40 345600 ----a-w- c:\windows\system32\schannel.dll
2017-08-11 06:35 . 2017-09-12 20:40 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-08-11 06:19 . 2017-09-12 20:40 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-08-11 06:19 . 2017-09-12 20:40 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-08-11 06:19 . 2017-09-12 20:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-07-29 14:56 . 2017-08-09 04:34 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-09 04:34 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-08-09 04:34 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 04:34 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 04:34 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2017-07-14 15:29 . 2017-08-09 04:34 486400 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:29 . 2017-08-09 04:34 34304 ----a-w- c:\windows\system32\werdiagcontroller.dll
2017-07-14 15:29 . 2017-08-09 04:34 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:29 . 2017-08-09 04:34 2058240 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:29 . 2017-08-09 04:34 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:29 . 2017-08-09 04:34 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:29 . 2017-08-09 04:34 491520 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:29 . 2017-08-09 04:34 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:29 . 2017-08-09 04:34 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:29 . 2017-08-09 04:34 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:29 . 2017-08-09 04:34 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:29 . 2017-08-09 04:34 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 15:12 . 2017-08-09 04:34 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:12 . 2017-08-09 04:34 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 15:11 . 2017-08-09 04:34 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 15:10 . 2017-08-09 04:34 382976 ----a-w- c:\windows\SysWow64\wer.dll
2017-07-14 15:10 . 2017-08-09 04:34 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-07-14 15:10 . 2017-08-09 04:34 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-07-14 15:10 . 2017-08-09 04:34 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-07-14 15:10 . 2017-08-09 04:34 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-07-14 15:10 . 2017-08-09 04:34 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-07-14 15:10 . 2017-08-09 04:34 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-07-14 15:10 . 2017-08-09 04:34 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-07-14 15:10 . 2017-08-09 04:34 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-07-14 15:10 . 2017-08-09 04:34 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-07-14 15:00 . 2017-08-09 04:34 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-09 04:34 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-09 04:34 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-09 04:34 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-07-14 14:57 . 2017-08-09 04:34 50688 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 04:34 54272 ----a-w- c:\windows\SysWow64\wermgr.exe
2017-07-14 14:50 . 2017-08-09 04:34 28672 ----a-w- c:\windows\SysWow64\werdiagcontroller.dll
2017-07-08 15:34 . 2017-08-09 04:34 370920 ----a-w- c:\windows\system32\clfs.sys
2017-07-07 15:33 . 2017-08-09 04:34 363752 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2017-07-07 15:29 . 2017-08-09 04:34 149504 ----a-w- c:\windows\system32\t2embed.dll
2017-07-07 15:11 . 2017-08-09 04:34 109568 ----a-w- c:\windows\SysWow64\t2embed.dll
2017-07-06 04:56 . 2017-07-11 22:11 119296 ----a-w- c:\windows\system32\drivers\bthpan.sys
2017-07-01 13:05 . 2017-08-09 04:34 616448 ----a-w- c:\windows\SysWow64\msrepl40.dll
2017-07-01 13:05 . 2017-08-09 04:34 343552 ----a-w- c:\windows\SysWow64\msrd3x40.dll
2017-07-01 13:05 . 2017-08-09 04:34 310272 ----a-w- c:\windows\SysWow64\msrd2x40.dll
2017-07-01 13:05 . 2017-08-09 04:34 475648 ----a-w- c:\windows\SysWow64\msxbde40.dll
2017-07-01 13:05 . 2017-08-09 04:34 375808 ----a-w- c:\windows\SysWow64\mspbde40.dll
2017-07-01 13:05 . 2017-08-09 04:34 339968 ----a-w- c:\windows\SysWow64\msexcl40.dll
2017-07-01 13:05 . 2017-08-09 04:34 240640 ----a-w- c:\windows\SysWow64\msltus40.dll
2017-07-01 13:05 . 2017-08-09 04:34 1311744 ----a-w- c:\windows\SysWow64\msjet40.dll
2017-07-01 13:05 . 2017-08-09 04:34 866816 ----a-w- c:\windows\SysWow64\mswdat10.dll
2017-07-01 13:05 . 2017-08-09 04:34 83968 ----a-w- c:\windows\SysWow64\msjter40.dll
2017-07-01 13:05 . 2017-08-09 04:34 641536 ----a-w- c:\windows\SysWow64\mswstr10.dll
2017-07-01 13:05 . 2017-08-09 04:34 144896 ----a-w- c:\windows\SysWow64\msjint40.dll
2017-06-15 20:23 . 2017-07-11 22:11 753664 ----a-w- c:\windows\system32\drivers\http.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"OneDrive"="c:\users\Alča\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2017-09-07 1674960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-10-16 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMFARFLT
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-09-09 10:29 1429848 ----a-w- c:\program files (x86)\Google\Chrome\Application\60.0.3112.113\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12 15:08]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0cd64368279b8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d10d8bef525f65.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12f91b8bbf48.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d8810347730.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0b875d2831.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d00113e651262.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0ec62ea68887f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d10d8bf04bfa2d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d88122292cc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-08-19 5617432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-10-12 173672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-10-12 401512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-10-12 444008]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.80.70.2 212.80.66.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-09-13 21:03:15
ComboFix-quarantined-files.txt 2017-09-13 19:03
.
Před spuštěním: Volných bajtů: 164 929 150 976
Po spuštění: Volných bajtů: 164 761 964 544
.
- - End Of File - - 07A97A4856869701BF1129894747677E
A36C5E4F47E84449FF07ED3517B43A31
MB MSI B250M Gaming Pro, CPU Intel Core i5-7500 3.4 GHz, RAM Kingston 2x4GB 2133MHz, VGA MSI GeForce GTX 1050 Ti, SSD 120 GB, HDD 1 TB 7200 rpm, CPU cooler SilentiumPC Spartan 3 Pro, PSU Corsair VS650, case AeroCool V3X

jaro3
Security team member
Guru Level 15
Posts: 37096
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 14 Sep 2017 09:30

AV: Malwarebytes --- permanently turn off all of its shields.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0cd64368279b8.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d10d8bef525f65.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12f91b8bbf48.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d8810347730.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0b875d2831.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d00113e651262.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0ec62ea68887f.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d10d8bf04bfa2d.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d88122292cc.job

Folder::
c:\program files (x86)\Google\Update

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 repeatedly during the restart and choose the last known good configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
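As an added example (not the forum post's own code and not part of ComboFix), the following Python script parses the scheduled-tasks listing and the locked-registry-keys section of a ComboFix log in the format shown in this thread and assembles the File::, Folder:: and RegLock:: blocks of a CFScript in the layout of the script above. The log excerpt inside it is constructed, and which task targets go into File:: is the analyst's choice (here the GoogleUpdate.exe target that the post removes).

```python
"""Assemble a ComboFix CFScript from a ComboFix log (added example, not the post's code).

Parses the scheduled-tasks listing ("Obsah adresáře 'Naplánované úlohy'") and
the locked-registry-keys section ("ZAMKNUTÉ KLÍČE V REGISTRU") of a ComboFix log
and emits File::, Folder:: and RegLock:: blocks in the layout of the posted script.
"""
import re

# Constructed excerpt of a ComboFix log, in the layout shown in this thread.
SAMPLE_LOG = r"""
.
Obsah adresáře 'Naplánované úlohy'
.
2017-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12 15:08]
.
2017-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d00113e651262.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-09-15 16:31:11
"""

# A task entry is "<date> <path>.job" followed by "- <target exe> [<date> <time>]".
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>[A-Za-z]:\\.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<exe>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
LOCKED_HEADER = "ZAMKNUTÉ KLÍČE V REGISTRU"  # header text as the Czech ComboFix log prints it


def scheduled_tasks(log):
    """Return (job_path, target_exe) pairs from the scheduled-tasks listing."""
    lines = log.splitlines()
    tasks = []
    for i in range(len(lines) - 1):
        job = JOB_RE.match(lines[i])
        target = TARGET_RE.match(lines[i + 1])
        if job and target:
            tasks.append((job.group("job"), target.group("exe")))
    return tasks


def select_jobs(tasks, targets):
    """Keep the .job files whose target executable is in `targets` (case-insensitive)."""
    wanted = {t.lower() for t in targets}
    return [job for job, exe in tasks if exe.lower() in wanted]


def locked_keys_section(log):
    """Return the locked-registry-keys section verbatim, minus leading/trailing separators."""
    out, inside = [], False
    for line in log.splitlines():
        if LOCKED_HEADER in line:
            inside = True
            continue
        if inside:
            if line.startswith("Celkový čas"):  # summary line that closes the log
                break
            out.append(line)
    while out and out[0].strip() in ("", "."):
        out.pop(0)
    while out and out[-1].strip() in ("", "."):
        out.pop()
    return out


def denied_keys(section_lines):
    """List the keys in the section that carry an @Denied ACE (the ones actually locked)."""
    keys, current = [], None
    for line in section_lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif line.startswith("@Denied:") and current:
            keys.append(current)
            current = None
    return keys


def build_cfscript(job_files, folders, locked_lines):
    """Lay out the CFScript text in the order used by the script posted in this thread."""
    parts = ["ClearJavaCache::", "KillAll::", "File::", *job_files]
    if folders:
        parts += ["", "Folder::", *folders]
    if locked_lines:
        parts += ["", "RegLock::", *locked_lines]
    return "\n".join(parts) + "\n"
```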

Uhernaut
Level 1
Posts: 89
Registered: October 15
Gender: Male

Re: Please check my log

Post by Uhernaut » 15 Sep 2017 20:16

ComboFix 17-09-01.01 - Alča 15.09.2017 15:28:11.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1932.981 [GMT 2:00]
Spuštěný z: c:\users\Alča\Desktop\Nová složka (2)\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alča\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-08-15 do 2017-09-15 )))))))))))))))))))))))))))))))
.
.
2017-09-15 14:27 . 2017-09-15 14:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-09-15 14:27 . 2017-09-15 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-09-13 13:47 . 2017-09-13 13:47 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-09-13 13:47 . 2017-09-13 13:47 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-09-13 13:47 . 2017-09-13 13:48 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-09-13 13:47 . 2017-09-13 13:47 -------- d-----w- c:\users\Alča\AppData\Local\Zemana
2017-09-13 13:19 . 2017-09-13 13:19 -------- d-----w- C:\OneDriveTemp
2017-09-12 20:46 . 2017-09-12 20:07 24064 ----a-w- c:\windows\zoek-delete.exe
2017-09-12 20:45 . 2017-09-15 14:27 -------- d-----w- c:\users\Alča\AppData\Local\Temp
2017-09-12 20:41 . 2017-08-13 18:58 25730560 ----a-w- c:\windows\system32\mshtml.dll
2017-09-12 20:41 . 2017-08-15 14:06 15260160 ----a-w- c:\windows\system32\ieframe.dll
2017-09-12 20:41 . 2017-08-13 16:51 5981696 ----a-w- c:\windows\system32\jscript9.dll
2017-09-12 20:41 . 2017-08-13 15:48 4547072 ----a-w- c:\windows\SysWow64\jscript9.dll
2017-09-12 20:41 . 2017-08-13 15:40 3241472 ----a-w- c:\windows\system32\wininet.dll
2017-09-12 20:41 . 2017-08-13 15:17 2767872 ----a-w- c:\windows\SysWow64\wininet.dll
2017-09-12 20:41 . 2017-08-13 17:04 2899968 ----a-w- c:\windows\system32\iertutil.dll
2017-09-09 13:29 . 2017-09-10 17:17 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-09-09 13:29 . 2017-09-09 13:57 -------- d-----w- c:\programdata\RogueKiller
2017-09-09 13:28 . 2017-09-09 13:29 -------- d-----w- c:\program files\RogueKiller
2017-09-08 08:59 . 2017-09-14 04:10 192960 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-09-08 08:58 . 2017-09-15 12:06 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-09-08 08:58 . 2017-09-14 04:10 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-09-08 08:57 . 2017-09-14 04:10 253888 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-09-08 08:56 . 2017-08-24 09:27 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-09-08 08:55 . 2017-09-08 08:55 -------- d-----w- c:\programdata\Malwarebytes
2017-09-08 08:55 . 2017-09-08 08:55 -------- d-----w- c:\program files\Malwarebytes
2017-09-08 08:41 . 2017-09-09 12:32 -------- d-----w- C:\AdwCleaner
2017-09-08 08:19 . 2017-09-08 08:19 -------- d-----w- c:\users\Alča\AppData\Local\Adobe
2017-09-07 20:04 . 2017-09-07 20:05 -------- d-----w- C:\cbc24c6807830c9c66e3d79e
2017-09-07 18:26 . 2017-09-07 18:28 -------- d-----w- C:\027043649d5d086311db8f
2017-09-05 19:03 . 2017-09-05 19:03 17407232 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2017-09-01 19:01 . 2017-09-01 19:01 -------- d-----w- c:\users\Alča\AppData\Roaming\Google
2017-08-24 04:25 . 2017-08-24 04:25 1591008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-13 14:13 . 2014-07-16 21:59 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-08-11 06:35 . 2017-09-12 20:40 345600 ----a-w- c:\windows\system32\schannel.dll
2017-08-11 06:35 . 2017-09-12 20:40 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-08-11 06:19 . 2017-09-12 20:40 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-08-11 06:19 . 2017-09-12 20:40 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-08-11 06:19 . 2017-09-12 20:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-07-29 14:56 . 2017-08-09 04:34 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-09 04:34 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-08-09 04:34 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 04:34 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 04:34 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2017-07-14 15:29 . 2017-08-09 04:34 486400 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:29 . 2017-08-09 04:34 34304 ----a-w- c:\windows\system32\werdiagcontroller.dll
2017-07-14 15:29 . 2017-08-09 04:34 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:29 . 2017-08-09 04:34 2058240 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:29 . 2017-08-09 04:34 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:29 . 2017-08-09 04:34 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:29 . 2017-08-09 04:34 491520 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:29 . 2017-08-09 04:34 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:29 . 2017-08-09 04:34 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:29 . 2017-08-09 04:34 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:29 . 2017-08-09 04:34 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:29 . 2017-08-09 04:34 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 15:12 . 2017-08-09 04:34 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:12 . 2017-08-09 04:34 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 15:11 . 2017-08-09 04:34 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 15:10 . 2017-08-09 04:34 382976 ----a-w- c:\windows\SysWow64\wer.dll
2017-07-14 15:10 . 2017-08-09 04:34 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-07-14 15:10 . 2017-08-09 04:34 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-07-14 15:10 . 2017-08-09 04:34 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-07-14 15:10 . 2017-08-09 04:34 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-07-14 15:10 . 2017-08-09 04:34 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-07-14 15:10 . 2017-08-09 04:34 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-07-14 15:10 . 2017-08-09 04:34 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-07-14 15:10 . 2017-08-09 04:34 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-07-14 15:10 . 2017-08-09 04:34 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-07-14 15:00 . 2017-08-09 04:34 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-09 04:34 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-09 04:34 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-09 04:34 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-07-14 14:57 . 2017-08-09 04:34 50688 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 04:34 54272 ----a-w- c:\windows\SysWow64\wermgr.exe
2017-07-14 14:50 . 2017-08-09 04:34 28672 ----a-w- c:\windows\SysWow64\werdiagcontroller.dll
2017-07-08 15:34 . 2017-08-09 04:34 370920 ----a-w- c:\windows\system32\clfs.sys
2017-07-07 15:33 . 2017-08-09 04:34 363752 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2017-07-07 15:29 . 2017-08-09 04:34 149504 ----a-w- c:\windows\system32\t2embed.dll
2017-07-07 15:11 . 2017-08-09 04:34 109568 ----a-w- c:\windows\SysWow64\t2embed.dll
2017-07-06 04:56 . 2017-07-11 22:11 119296 ----a-w- c:\windows\system32\drivers\bthpan.sys
2017-07-01 13:05 . 2017-08-09 04:34 616448 ----a-w- c:\windows\SysWow64\msrepl40.dll
2017-07-01 13:05 . 2017-08-09 04:34 343552 ----a-w- c:\windows\SysWow64\msrd3x40.dll
2017-07-01 13:05 . 2017-08-09 04:34 310272 ----a-w- c:\windows\SysWow64\msrd2x40.dll
2017-07-01 13:05 . 2017-08-09 04:34 475648 ----a-w- c:\windows\SysWow64\msxbde40.dll
2017-07-01 13:05 . 2017-08-09 04:34 375808 ----a-w- c:\windows\SysWow64\mspbde40.dll
2017-07-01 13:05 . 2017-08-09 04:34 339968 ----a-w- c:\windows\SysWow64\msexcl40.dll
2017-07-01 13:05 . 2017-08-09 04:34 240640 ----a-w- c:\windows\SysWow64\msltus40.dll
2017-07-01 13:05 . 2017-08-09 04:34 1311744 ----a-w- c:\windows\SysWow64\msjet40.dll
2017-07-01 13:05 . 2017-08-09 04:34 866816 ----a-w- c:\windows\SysWow64\mswdat10.dll
2017-07-01 13:05 . 2017-08-09 04:34 83968 ----a-w- c:\windows\SysWow64\msjter40.dll
2017-07-01 13:05 . 2017-08-09 04:34 641536 ----a-w- c:\windows\SysWow64\mswstr10.dll
2017-07-01 13:05 . 2017-08-09 04:34 144896 ----a-w- c:\windows\SysWow64\msjint40.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"OneDrive"="c:\users\Alča\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2017-09-07 1674960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-10-16 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - WS2IFSL
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-09-09 10:29 1429848 ----a-w- c:\program files (x86)\Google\Chrome\Application\60.0.3112.113\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12 15:08]
.
2017-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0cd64368279b8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d10d8bef525f65.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12f91b8bbf48.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d8810347730.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0b875d2831.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d00113e651262.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0ec62ea68887f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d10d8bf04bfa2d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d88122292cc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-08-19 5617432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-10-12 173672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-10-12 401512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-10-12 444008]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.80.70.2 212.80.66.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-09-15 16:31:11
ComboFix-quarantined-files.txt 2017-09-15 14:31
ComboFix2.txt 2017-09-13 19:03
.
Pre-Run: 162 731 327 488 bytes free
Post-Run: 165 775 060 992 bytes free
.
- - End Of File - - EFBF8E07FAD476DF0FC394B4D550589A
A36C5E4F47E84449FF07ED3517B43A31

Uhernaut
Level 1, Posts: 89, Registered: October 2015, Gender: Male

Re: Please check my log

Post by Uhernaut » 15 Sep 2017 20:16

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-09-15 20:13:23
-----------------------------
20:13:23.805 OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:23.805 Number of processors: 2 586 0x2A07
20:13:23.805 ComputerName: ALČA-PC UserName: Alča
20:13:24.990 Initialize success
20:13:25.053 VM: initialized successfully
20:13:25.053 VM: Intel CPU supported
20:13:32.358 VM: supported disk I/O ataport.SYS
20:13:37.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:13:37.935 Disk 0 Vendor: ST320LM001_HN-M320MBB 2AR10001 Size: 305245MB BusType: 11
20:13:38.388 VM: Disk 0 MBR read successfully
20:13:38.403 Disk 0 MBR scan
20:13:38.403 Disk 0 Windows 7 default MBR code
20:13:38.419 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:13:38.434 Disk 0 Boot: NTFS code=1
20:13:38.450 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
20:13:38.497 Disk 0 scanning C:\Windows\system32\drivers
20:14:06.998 Service scanning
20:14:50.054 Modules scanning
20:14:50.569 Disk 0 trace - called modules:
20:14:50.585 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:14:50.585 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040c8060]
20:14:50.600 3 CLASSPNP.SYS[fffff8800190343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003b6f3b0]
20:14:50.600 Disk 0 statistics 104875/0/18 @ 2,12 MB/s
20:14:50.600 Scan finished successfully
20:15:04.687 Disk 0 MBR has been saved successfully to "C:\Users\Alča\Desktop\MBR.dat"
20:15:04.703 The log file has been saved successfully to "C:\Users\Alča\Desktop\aswMBR.txt"
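The aswMBR run above saved the raw boot sector to MBR.dat. The block below is an added example (not part of the thread and not aswMBR's own code) that reads such a 512-byte dump offline and lists its partition table, so the layout can be cross-checked against what the scanner logged: a bootable NTFS partition of 100 MB at offset 2048 and a second NTFS partition of 305143 MB at offset 206848. The sample MBR is constructed to mirror those two entries; its boot-code bytes are a placeholder rather than the real Windows 7 MBR code, so the hash it prints only becomes useful once you compare it with a dump taken from a known-good machine.

```python
"""Parse a raw MBR sector (for example the MBR.dat that aswMBR writes) and
list its partition table.  Added example, not aswMBR's own code."""
import hashlib
import struct

SECTOR_BYTES = 512
BOOT_CODE_END = 440            # bytes 0..439 boot code, 440..443 disk signature, 446..509 table
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3BB3BII"        # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
                   0x83: "Linux", 0xEE: "GPT protective"}


def parse_entry(raw):
    """Decode one 16-byte partition table entry into a dict."""
    status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack(ENTRY_FMT, raw)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * SECTOR_BYTES // (1024 * 1024),
    }


def parse_mbr(data):
    """Validate the 0x55AA signature; return boot-code hash, disk signature and partitions."""
    if len(data) < SECTOR_BYTES:
        raise ValueError("need at least 512 bytes")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        raw = data[PARTITION_TABLE_OFFSET + 16 * i:PARTITION_TABLE_OFFSET + 16 * (i + 1)]
        if raw[4] != 0:        # type byte 0 marks an unused slot
            partitions.append(parse_entry(raw))
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack("<I", data[440:444])[0],
        "partitions": partitions,
    }


def sanity_checks(mbr):
    """Items a reviewer wants flagged: several boot flags, overlapping entries, unknown types."""
    findings = []
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition is flagged bootable")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions at LBA {a['lba_start']} and {b['lba_start']} overlap")
    for p in parts:
        if p["type_name"] == "unknown":
            findings.append(f"unknown partition type 0x{p['type']:02x} at LBA {p['lba_start']}")
    return findings


def read_mbr_file(path):
    """Read the first sector of a dump such as MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_BYTES)


def build_sample_mbr():
    """Constructed sample mirroring the layout in the aswMBR log above.
    The boot code is a placeholder, NOT the real Windows 7 MBR code."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_END - 7)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"   # signature + 2 reserved bytes
    part1 = struct.pack(ENTRY_FMT, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 204800)       # 100 MB, bootable
    part2 = struct.pack(ENTRY_FMT, 0x00, 0, 0, 0, 0x07, 0, 0, 0, 206848, 624932864)  # 305143 MB
    empty = b"\x00" * 16
    return boot_code + disk_sig + part1 + part2 + empty + empty + BOOT_SIGNATURE


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())   # for a real dump: parse_mbr(read_mbr_file("MBR.dat"))
    print("boot code sha256:", mbr["boot_code_sha256"])
    for p in mbr["partitions"]:
        flag = "(A)" if p["bootable"] else "   "
        print(f"{flag} type 0x{p['type']:02x} {p['type_name']:<14} {p['size_mb']:>8} MB  offset {p['lba_start']}")
    print("findings:", sanity_checks(mbr) or "none")
```

Swap `build_sample_mbr()` for `read_mbr_file("MBR.dat")` to run it against the file aswMBR saved; the boot-code hash is the value to compare between a suspect disk and a clean reference, since the partition table alone says nothing about what the first 440 bytes execute.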

jaro3
Security team member, Guru Level 15, Posts: 37096, Registered: June 2007, Location: South Bohemia, Gender: Male

Re: Please check my log

Post by jaro3 » 15 Sep 2017 20:48

AV: Malwarebytes --- permanently disable all of its shields.

Run the ComboFix script again in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Uhernaut
Level 1, Posts: 89, Registered: October 2015, Gender: Male

Re: Please check my log

Post by Uhernaut » 18 Sep 2017 10:06

ComboFix 17-09-01.01 - Alča 18.09.2017 9:39.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1932.712 [GMT 2:00]
Running from: c:\users\Alča\Desktop\ComboFix.exe
Command switches used :: c:\users\Alča\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created From 2017-08-18 to 2017-09-18 )))))))))))))))))))))))))))))))
.
.
2017-09-18 07:46 . 2017-09-18 07:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-09-18 07:46 . 2017-09-18 07:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-09-13 13:47 . 2017-09-13 13:47 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-09-13 13:47 . 2017-09-13 13:47 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-09-13 13:47 . 2017-09-13 13:48 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-09-13 13:47 . 2017-09-13 13:47 -------- d-----w- c:\users\Alča\AppData\Local\Zemana
2017-09-12 20:46 . 2017-09-12 20:07 24064 ----a-w- c:\windows\zoek-delete.exe
2017-09-12 20:45 . 2017-09-18 07:46 -------- d-----w- c:\users\Alča\AppData\Local\Temp
2017-09-12 20:41 . 2017-08-13 18:58 25730560 ----a-w- c:\windows\system32\mshtml.dll
2017-09-12 20:41 . 2017-08-15 14:06 15260160 ----a-w- c:\windows\system32\ieframe.dll
2017-09-12 20:41 . 2017-08-13 16:51 5981696 ----a-w- c:\windows\system32\jscript9.dll
2017-09-12 20:41 . 2017-08-13 15:48 4547072 ----a-w- c:\windows\SysWow64\jscript9.dll
2017-09-12 20:41 . 2017-08-13 15:40 3241472 ----a-w- c:\windows\system32\wininet.dll
2017-09-12 20:41 . 2017-08-13 15:17 2767872 ----a-w- c:\windows\SysWow64\wininet.dll
2017-09-12 20:41 . 2017-08-13 17:04 2899968 ----a-w- c:\windows\system32\iertutil.dll
2017-09-09 13:29 . 2017-09-10 17:17 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-09-09 13:29 . 2017-09-09 13:57 -------- d-----w- c:\programdata\RogueKiller
2017-09-09 13:28 . 2017-09-09 13:29 -------- d-----w- c:\program files\RogueKiller
2017-09-08 08:59 . 2017-09-18 07:30 192960 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-09-08 08:58 . 2017-09-18 07:26 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-09-08 08:58 . 2017-09-18 07:34 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-09-08 08:57 . 2017-09-18 07:34 253888 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-09-08 08:56 . 2017-08-24 09:27 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-09-08 08:55 . 2017-09-08 08:55 -------- d-----w- c:\programdata\Malwarebytes
2017-09-08 08:55 . 2017-09-08 08:55 -------- d-----w- c:\program files\Malwarebytes
2017-09-08 08:41 . 2017-09-09 12:32 -------- d-----w- C:\AdwCleaner
2017-09-08 08:19 . 2017-09-08 08:19 -------- d-----w- c:\users\Alča\AppData\Local\Adobe
2017-09-07 20:04 . 2017-09-07 20:05 -------- d-----w- C:\cbc24c6807830c9c66e3d79e
2017-09-07 18:26 . 2017-09-07 18:28 -------- d-----w- C:\027043649d5d086311db8f
2017-09-05 19:03 . 2017-09-05 19:03 17407232 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2017-09-01 19:01 . 2017-09-01 19:01 -------- d-----w- c:\users\Alča\AppData\Roaming\Google
2017-08-24 04:25 . 2017-08-24 04:25 1591008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-13 14:13 . 2014-07-16 21:59 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-08-11 06:35 . 2017-09-12 20:40 345600 ----a-w- c:\windows\system32\schannel.dll
2017-08-11 06:35 . 2017-09-12 20:40 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-08-11 06:19 . 2017-09-12 20:40 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-08-11 06:19 . 2017-09-12 20:40 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-08-11 06:19 . 2017-09-12 20:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-07-29 14:56 . 2017-08-09 04:34 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-09 04:34 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-08-09 04:34 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 04:34 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 04:34 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2017-07-14 15:29 . 2017-08-09 04:34 486400 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:29 . 2017-08-09 04:34 34304 ----a-w- c:\windows\system32\werdiagcontroller.dll
2017-07-14 15:29 . 2017-08-09 04:34 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:29 . 2017-08-09 04:34 2058240 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:29 . 2017-08-09 04:34 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:29 . 2017-08-09 04:34 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:29 . 2017-08-09 04:34 491520 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:29 . 2017-08-09 04:34 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:29 . 2017-08-09 04:34 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:29 . 2017-08-09 04:34 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:29 . 2017-08-09 04:34 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:29 . 2017-08-09 04:34 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 15:12 . 2017-08-09 04:34 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:12 . 2017-08-09 04:34 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 15:11 . 2017-08-09 04:34 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 15:10 . 2017-08-09 04:34 382976 ----a-w- c:\windows\SysWow64\wer.dll
2017-07-14 15:10 . 2017-08-09 04:34 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-07-14 15:10 . 2017-08-09 04:34 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-07-14 15:10 . 2017-08-09 04:34 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-07-14 15:10 . 2017-08-09 04:34 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-07-14 15:10 . 2017-08-09 04:34 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-07-14 15:10 . 2017-08-09 04:34 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-07-14 15:10 . 2017-08-09 04:34 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-07-14 15:10 . 2017-08-09 04:34 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-07-14 15:10 . 2017-08-09 04:34 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-07-14 15:00 . 2017-08-09 04:34 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-09 04:34 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-09 04:34 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-09 04:34 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-07-14 14:57 . 2017-08-09 04:34 50688 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 04:34 54272 ----a-w- c:\windows\SysWow64\wermgr.exe
2017-07-14 14:50 . 2017-08-09 04:34 28672 ----a-w- c:\windows\SysWow64\werdiagcontroller.dll
2017-07-08 15:34 . 2017-08-09 04:34 370920 ----a-w- c:\windows\system32\clfs.sys
2017-07-07 15:33 . 2017-08-09 04:34 363752 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2017-07-07 15:29 . 2017-08-09 04:34 149504 ----a-w- c:\windows\system32\t2embed.dll
2017-07-07 15:11 . 2017-08-09 04:34 109568 ----a-w- c:\windows\SysWow64\t2embed.dll
2017-07-06 04:56 . 2017-07-11 22:11 119296 ----a-w- c:\windows\system32\drivers\bthpan.sys
2017-07-01 13:05 . 2017-08-09 04:34 616448 ----a-w- c:\windows\SysWow64\msrepl40.dll
2017-07-01 13:05 . 2017-08-09 04:34 343552 ----a-w- c:\windows\SysWow64\msrd3x40.dll
2017-07-01 13:05 . 2017-08-09 04:34 310272 ----a-w- c:\windows\SysWow64\msrd2x40.dll
2017-07-01 13:05 . 2017-08-09 04:34 475648 ----a-w- c:\windows\SysWow64\msxbde40.dll
2017-07-01 13:05 . 2017-08-09 04:34 375808 ----a-w- c:\windows\SysWow64\mspbde40.dll
2017-07-01 13:05 . 2017-08-09 04:34 339968 ----a-w- c:\windows\SysWow64\msexcl40.dll
2017-07-01 13:05 . 2017-08-09 04:34 240640 ----a-w- c:\windows\SysWow64\msltus40.dll
2017-07-01 13:05 . 2017-08-09 04:34 1311744 ----a-w- c:\windows\SysWow64\msjet40.dll
2017-07-01 13:05 . 2017-08-09 04:34 866816 ----a-w- c:\windows\SysWow64\mswdat10.dll
2017-07-01 13:05 . 2017-08-09 04:34 83968 ----a-w- c:\windows\SysWow64\msjter40.dll
2017-07-01 13:05 . 2017-08-09 04:34 641536 ----a-w- c:\windows\SysWow64\mswstr10.dll
2017-07-01 13:05 . 2017-08-09 04:34 144896 ----a-w- c:\windows\SysWow64\msjint40.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2017-09-07 17:53 2586832 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"OneDrive"="c:\users\Alča\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2017-09-07 1674960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-10-16 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-09-09 10:29 1429848 ----a-w- c:\program files (x86)\Google\Chrome\Application\60.0.3112.113\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12 15:08]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0cd64368279b8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d10d8bef525f65.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12f91b8bbf48.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d8810347730.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0b875d2831.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d00113e651262.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0ec62ea68887f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d10d8bf04bfa2d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
2017-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d88122292cc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 07:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2017-09-07 17:54 2840272 ----a-w- c:\users\Alča\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-08-19 5617432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-10-12 173672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-10-12 401512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-10-12 444008]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.80.70.2 212.80.66.7
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MBAMChameleon
SafeBoot-MBAMSwissArmy
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_162.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-09-18 09:52:34
ComboFix-quarantined-files.txt 2017-09-18 07:52
ComboFix2.txt 2017-09-15 14:31
ComboFix3.txt 2017-09-13 19:03
.
Před spuštěním: Volných bajtů: 163 810 406 400
Po spuštění: Volných bajtů: 163 673 456 640
.
- - End Of File - - F376AEAB991B4D106D9E98B0D5B4A813
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log

Post by jaro3 » 18 Sep 2017 19:55

AV: Malwarebytes --- permanently turn off all of its shields.
AV: Malwarebytes *Enabled/Updated*
You didn't do that...

Run the script in ComboFix again in Safe Mode.
You didn't do that...
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Re: Please check my log

Post by Uhernaut » 18 Sep 2017 21:20

I disabled Malwarebytes, and I also ran the script in Safe Mode...

Re: Please check my log

Post by jaro3 » 18 Sep 2017 22:01

So ComboFix isn't deleting it; the antivirus programs report that they are enabled.

We'll leave it then, it's just junk.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

save the file to the desktop.
Double-click the icon to run the Delfix.exe tool
(In Windows Vista, Windows 7 and 8 you must run the file with the right mouse button -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools - Purge System Restore
Then click the Run button and let the tool do its work

Afterwards a report opens (DelFix.txt). Paste the entire contents of the report here. Otherwise the report is at:
C:\DelFix.txt

Any problems?