Please check my HJT log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

standacich
Level 3
Posts: 514
Registered: October 12
Location: Hustopeče
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by standacich » 02 Oct 2018 20:05


Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Please check my HJT log

Post by standacich » 02 Oct 2018 20:06

RogueKiller V12.13.3.0 (x64) [Oct 1 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Ha?ís [Práva správce]
Started from : C:\Users\Ha?ís\Desktop\RogueKiller_portable64.exe
Mód : Prohledat -- Datum : 10/02/2018 19:40:19 (Duration : 00:17:18)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 2 ¤¤¤
[Adw.Optimizer] \2318eb85-8cd9-4be4-b23b-770dd6be44e0 -- "C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe" (--scan) -> Nalezeno
[Adw.Optimizer] \a9a8e7dc-ea7a-44b9-bfc5-667d578b9e8a -- "C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe" (-Notify) -> Nalezeno

¤¤¤ Soubory : 1 ¤¤¤
[PUP.OnlineIO][Složka] C:\Users\Ha?ís\AppData\Local\AdvinstAnalytics -> Nalezeno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] liomqgv9.default-1524246403824 : user_pref("browser.startup.homepage", "file:///C:/ProgramData/Quoteexs/ff.HP"); -> Nalezeno
[PUM.NewTab][Firefox:Config] liomqgv9.default-1524246403824 : user_pref("browser.newtab.url", "file:///C:/ProgramData/Quoteexs/ff.NT"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EZRZ-00HTKB0 SATA Disk Device +++++
--- User ---
[MBR] ecfc4ff03b727fe7d4c19248d03c4b48
[BSP] 3b6b3762a2ce9af375fd35aade4ed1f5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 493767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1011441664 | Size: 160000 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1339121664 | Size: 299999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by jaro3 » 02 Oct 2018 20:22

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom,
when it finishes, check everything (put check marks to the left of the findings, in the white boxes)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy the log and paste its contents here, please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.


Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

Click on .rar-file at the top right and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- note: the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Click Run Script.
The program will run a scan and a repair; the scan and the repair can take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click the file on the desktop and follow the instructions to install the program.
Accept the EULA license for using the program, if offered.
If a program update is available, click the "Update now" button.
You can also enable the creation of a restore point:
Click the gear icon, then "Scan", and check "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is finished, a report will appear; copy the entire contents of that report here.
Otherwise you can view the reports by clicking "Reports" at the top right.


Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Please check my HJT log

Post by standacich » 02 Oct 2018 22:07

RogueKiller V12.13.3.0 (x64) [Oct 1 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Ha?ís [Práva správce]
Started from : C:\Users\Ha?ís\Desktop\RogueKiller_portable64.exe
Mód : Smazat -- Datum : 10/02/2018 20:33:38 (Duration : 00:15:44)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 2 ¤¤¤
[Adw.Optimizer] \2318eb85-8cd9-4be4-b23b-770dd6be44e0 -- "C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe" (--scan) -> Smazáno
[Adw.Optimizer] \a9a8e7dc-ea7a-44b9-bfc5-667d578b9e8a -- "C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe" (-Notify) -> Smazáno

¤¤¤ Soubory : 1 ¤¤¤
[PUP.OnlineIO][Složka] C:\Users\Ha?ís\AppData\Local\AdvinstAnalytics -> Smazáno
[PUP.OnlineIO][Soubor] C:\Users\Ha?ís\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf\2.7.0\tracking.ini -> Smazáno
[PUP.OnlineIO][Složka] C:\Users\Ha?ís\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf\2.7.0 -> Smazáno
[PUP.OnlineIO][Složka] C:\Users\Ha?ís\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf -> Smazáno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] liomqgv9.default-1524246403824 : user_pref("browser.startup.homepage", "file:///C:/ProgramData/Quoteexs/ff.HP"); -> Nahrazeno (about:home)
[PUM.NewTab][Firefox:Config] liomqgv9.default-1524246403824 : user_pref("browser.newtab.url", "file:///C:/ProgramData/Quoteexs/ff.NT"); -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EZRZ-00HTKB0 SATA Disk Device +++++
--- User ---
[MBR] ecfc4ff03b727fe7d4c19248d03c4b48
[BSP] 3b6b3762a2ce9af375fd35aade4ed1f5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 493767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1011441664 | Size: 160000 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1339121664 | Size: 299999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Re: Please check my HJT log

Post by standacich » 02 Oct 2018 22:08

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Haźˇs on Łt 02.10.2018 at 20:58:16,44.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HAS~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2.10.2018 21:00:26 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\DroidCam deleted successfully
C:\PROGRA~2\Outlast + DLC Whistleblower deleted successfully
C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~2\COMMON~1\IObit deleted successfully
C:\PROGRA~2\COMMON~1\Wondershare deleted successfully
C:\Users\HAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Haali Media Splitter deleted successfully
C:\PROGRA~3\Blogger deleted successfully
C:\PROGRA~3\GraphicsType deleted successfully
C:\PROGRA~3\{74E9F814-C737-42CC-B721-DBBC4059367A} deleted successfully
C:\Users\DTI~1\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2123216125-335965321-1693192355-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B548EFF-CE6F-4ADA-8F3A-2F321754CDAA} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4B548EFF-CE6F-4ADA-8F3A-2F321754CDAA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\liomqgv9.default-1524246403824\prefs.js:
user_pref("browser.startup.homepage", "about:home"about:home);

Added to C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\liomqgv9.default-1524246403824\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\rk8u8k6q.default-1538247061974\prefs.js:

Added to C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\rk8u8k6q.default-1538247061974\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\liomqgv9.default-1524246403824

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_02.10.2018_2115_.backup

ProfilePath: C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\rk8u8k6q.default-1538247061974

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"addSearchEng
---- FireFox user.js and prefs.js backups ----

prefs_02.10.2018_2115_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\DroidCam not found
C:\PROGRA~2\Outlast + DLC Whistleblower not found
C:\PROGRA~2\Wondershare not found
C:\PROGRA~3\{74E9F814-C737-42CC-B721-DBBC4059367A} not found
C:\Users\HAS~1\AppData\Local\Wondershare deleted
C:\PROGRA~2\Alawarhry.cz deleted
C:\found.000 deleted
C:\PROGRA~3\{7F40DE3E-8294-4E24-B2EA-80F6C6BB173C} deleted
C:\PROGRA~3\{D76294E6-03B8-4971-AF2E-3F846161A690} deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AVAST Software deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\liomqgv9.default-1524246403824
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\HAS~1\AppData\Roaming\Mozilla\Firefox\Profiles\rk8u8k6q.default-1538247061974
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 69.0.3497.100

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Chrome Media Router - DTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{2B82B6F4-6B2E-4DF7-84E1-E7690F824A84} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454

==== Reset Google Chrome ======================

C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\DTI~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2690 folders=118 2056278499 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DTI~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\HAS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Łt 02.10.2018 at 21:28:28,67 ======================


Re: Please check my HJT log

Post by standacich » 02 Oct 2018 22:08

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018.10.2
Operating System : Windows 7 64-bit
Processor : 2X AMD A6-6400K APU with Radeon(tm) HD Graphics
BIOS Mode : Legacy
CUID : 12541AA23ADE9C946AD8F9
Scan Type : Skenování systému
Duration : 11m 20s
Scanned Objects : 104780
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Shortcut
Status : Skenováno
Object : www.studiobacklot.tv/videostudioX10
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Internet Explorer Shortcut

pcsx2.exe
Status : Skenováno
Object : %userprofile%\downloads\pcsx2.ps2.emulator.1.1.0.r5366\pcsx2.exe
MD5 : B41AB642DE2FA6D855026354F75F3BC5
Publisher : -
Size : 6057472
Version : -
Detection : Heur.Malicious!Pd
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\pcsx2.ps2.emulator.1.1.0.r5366\pcsx2.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0


Re: Please check my HJT log

Post by standacich » 02 Oct 2018 22:09

ComboFix 18-08-08.01 - Hačís 02.10.2018 21:51:12.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3256.1833 [GMT 2:00]
Spuštěný z: c:\users\HaŔÝs\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-09-02 do 2018-10-02 )))))))))))))))))))))))))))))))
.
.
2018-10-02 19:57 . 2018-10-02 19:57 -------- d-----w- c:\users\Děti\AppData\Local\temp
2018-10-02 19:57 . 2018-10-02 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-10-02 19:54 . 2018-10-02 19:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14FDBB55-D48E-4047-80F8-5EA53C4C20DF}\offreg.3952.dll
2018-10-02 19:31 . 2018-10-02 19:31 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2018-10-02 19:31 . 2018-10-02 19:31 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2018-10-02 19:31 . 2018-10-02 19:31 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-10-02 19:31 . 2018-10-02 19:31 -------- d-----w- c:\users\Hačís\AppData\Local\Zemana
2018-10-02 19:21 . 2014-02-13 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2018-10-02 19:21 . 2018-10-02 19:57 -------- d-----w- c:\users\Hačís\AppData\Local\Temp
2018-10-02 18:58 . 2018-10-02 19:17 -------- d-----w- C:\zoek_backup
2018-10-02 17:40 . 2018-10-02 18:33 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-10-02 17:39 . 2018-10-02 18:01 -------- d-----w- c:\programdata\RogueKiller
2018-10-02 16:06 . 2018-10-02 16:06 -------- d-----w- c:\program files (x86)\Sophos
2018-10-02 01:12 . 2018-09-24 21:29 14652992 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14FDBB55-D48E-4047-80F8-5EA53C4C20DF}\mpengine.dll
2018-09-30 16:19 . 2018-09-30 16:19 -------- d-----w- c:\programdata\Sophos
2018-09-30 16:07 . 2018-09-30 16:07 -------- d-----w- c:\users\Děti\AppData\Roaming\Adobe
2018-09-30 15:56 . 2018-09-30 15:56 -------- d-----w- c:\users\Děti\AppData\Local\mbamtray
2018-09-30 15:45 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\hh3jieg1ucx
2018-09-30 15:38 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\3ce2ya4p240
2018-09-30 15:30 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\eygcxagbo4f
2018-09-30 15:29 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\00b4hxfzx5c
2018-09-30 15:07 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\lmrrdroejzg
2018-09-30 12:16 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\r3qw1xbhgw3
2018-09-30 12:07 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\130b0b4ocqy
2018-09-30 12:01 . 2018-09-30 12:01 -------- d-----w- c:\programdata\WjIOjGvJCfODeXVB
2018-09-30 11:56 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\omaefet3eym
2018-09-30 11:56 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\gormp5x0evs
2018-09-30 11:27 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\ovx0qblivpw
2018-09-30 11:16 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\dga0u5kmu5w
2018-09-30 11:11 . 2018-09-30 11:14 -------- d-----w- c:\program files\HJTWJO4U08
2018-09-30 11:11 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\aqmh13j20s2
2018-09-30 11:06 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\x2imgkjw3lb
2018-09-30 10:55 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\ygrox4kmpqc
2018-09-30 10:41 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\yzqlbva1lix
2018-09-30 10:26 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\3f4xgawjpai
2018-09-30 10:16 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\zpzdktybg4e
2018-09-30 10:06 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\4bhmymhmz3n
2018-09-30 09:56 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\nv4qwnmitzm
2018-09-30 09:55 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\1ueerqmk4fw
2018-09-30 09:41 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\0sx4xb2wkgg
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\uqklxuq3bpp
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\3eq5fibggzp
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\wbneen3cakm
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\mpnvprj33jn
2018-09-30 09:14 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\y2cdg30o154
2018-09-30 09:14 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\xdbjew0ebnw
2018-09-30 09:14 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\qfbolhfixhe
2018-09-30 09:11 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\kqtn35nyksr
2018-09-30 09:09 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\vlrxvmgpbfm
2018-09-30 09:09 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\2hlvkweizah
2018-09-30 09:08 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\daxshilvflw
2018-09-30 09:08 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\g2jgy3jy0cs
2018-09-30 09:08 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\ia1jho0rtou
2018-09-30 09:07 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\iwyddph33j3
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\othmmklaufh
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\szq0myifpwv
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\slnv3c1pg4i
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\4up0t3gnrhx
2018-09-30 08:55 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\xnikdioprop
2018-09-30 08:17 . 2018-09-30 08:17 -------- d-----w- c:\users\Hačís\AppData\Local\mbam
2018-09-30 08:15 . 2018-09-11 11:18 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-30 08:15 . 2018-09-30 08:15 -------- d-----w- c:\programdata\Malwarebytes
2018-09-30 08:15 . 2018-09-30 08:15 -------- d-----w- c:\program files\Malwarebytes
2018-09-29 19:03 . 2018-10-02 15:27 -------- d-----w- C:\AdwCleaner
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\04dd3opwinq
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\pqjhlyaij4p
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\aiqxdp2j2ye
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\g2hgrrek4tl
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\chdk4rn0p2g
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\ccxld2btr4f
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\1rmxxtuxnj4
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\la2vlm5mouk
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\qubn023ut11
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\k4e0qdqdsxf
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\byoccsr5awv
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\egkvyuirmvt
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\0gxeyae45l1
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\vw51xgv3143
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\ch4vifxsxp0
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\xibjq0rh1na
2018-09-29 15:26 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\etjzn1nrftw
2018-09-29 15:26 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\rfey3c0k32z
2018-09-29 15:23 . 2018-09-29 15:25 -------- d-----w- c:\users\Hačís\AppData\Roaming\0syghxusskg
2018-09-29 15:23 . 2018-09-29 15:25 -------- d-----w- c:\users\Hačís\AppData\Roaming\vlh3hsob5q0
2018-09-29 15:17 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\tfnjc2nuxqe
2018-09-29 15:17 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\tiod5uanl5r
2018-09-29 15:17 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\14a5ops3r2f
2018-09-29 15:12 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\lijia2u2as3
2018-09-29 15:11 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\wuyfuwi44yu
2018-09-29 15:11 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\osrhd1xyczz
2018-09-29 15:04 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\smstnl4t1xt
2018-09-29 15:04 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\okoapnjjegc
2018-09-29 15:04 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\np5iak5homj
2018-09-29 14:57 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\rar3a24r3eo
2018-09-29 14:56 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\gnnzspdulls
2018-09-29 14:56 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\lprqgv2eica
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\users\Hačís\AppData\Local\Xara
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\users\Hačís\AppData\Roaming\MAGIX
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2018-09-29 14:46 . 2018-09-30 10:16 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2018-09-29 14:46 . 2018-09-30 09:15 -------- d-----w- c:\programdata\MAGIX
2018-09-29 14:41 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\ldflgbpnfdu
2018-09-29 14:41 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\zywez53rmgy
2018-09-29 14:41 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\22mxecvpjl5
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\f1a11uuevi4
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\4eqkwtq5byl
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\aqdu3wnpf4z
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\wow3hira2wg
2018-09-29 14:39 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\wj2bqs25opr
2018-09-29 14:39 . 2018-10-02 15:49 -------- d-----w- c:\program files (x86)\Full
2018-09-29 14:35 . 2018-10-02 15:49 -------- d-----w- c:\windows\SysWow64\wsfhyqup
2018-09-29 14:33 . 2018-09-29 14:33 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2018-09-29 14:25 . 2018-09-29 14:25 -------- d-----w- c:\programdata\AVS4YOU
2018-09-29 14:24 . 2018-09-29 14:24 -------- d-----w- c:\users\Hačís\AppData\Roaming\AVS4YOU
2018-09-29 14:22 . 2018-09-29 14:23 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2018-09-29 14:22 . 2018-09-29 14:23 -------- d-----w- c:\program files (x86)\AVS4YOU
2018-09-29 14:22 . 2011-06-23 10:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2018-09-29 14:22 . 2011-06-23 10:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2018-09-29 14:10 . 2018-09-29 14:10 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2018-09-29 14:10 . 2018-09-29 14:10 -------- d-----w- c:\program files (x86)\Corel
2018-09-29 14:06 . 2018-09-29 14:10 -------- d-----w- c:\program files\Corel
2018-09-29 07:37 . 2018-09-29 07:37 -------- d-----w- c:\program files (x86)\Ecru
2018-09-29 07:35 . 2018-09-29 07:35 -------- d-----w- c:\users\Hačís\AppData\Roaming\Ecru
2018-09-27 18:16 . 2018-09-27 18:16 -------- d-----w- c:\program files\Common Files\DESIGNER
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-10-02 19:27 . 2017-11-19 02:20 65536 ----a-w- c:\windows\system32\spu_storage.bin
2018-09-27 18:12 . 2018-03-31 17:29 5731920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2018-09-13 18:19 . 2017-11-19 02:02 139184408 -c--a-w- c:\windows\system32\MRT.exe
2018-09-11 17:37 . 2017-11-16 20:12 120208 ----a-w- c:\windows\system32\RTNUninst64.dll
2018-09-11 16:31 . 2017-11-16 21:10 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-09-11 16:31 . 2017-11-16 21:10 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-08-26 16:41 . 2018-08-26 16:41 89248 ----a-w- c:\windows\system32\vcruntime140.dll
2018-08-26 16:41 . 2018-08-26 16:41 87352 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2018-08-26 16:41 . 2018-08-26 16:41 675984 ----a-w- c:\windows\system32\msvcp140.dll
2018-08-26 16:41 . 2018-08-26 16:41 457512 ----a-w- c:\windows\SysWow64\msvcp140.dll
2018-08-26 16:41 . 2018-08-26 16:41 386712 ----a-w- c:\windows\system32\vccorlib140.dll
2018-08-26 16:41 . 2018-08-26 16:41 343192 ----a-w- c:\windows\system32\concrt140.dll
2018-08-26 16:41 . 2018-08-26 16:41 31896 ----a-w- c:\windows\system32\msvcp140_1.dll
2018-08-26 16:41 . 2018-08-26 16:41 28472 ----a-w- c:\windows\SysWow64\msvcp140_1.dll
2018-08-26 16:41 . 2018-08-26 16:41 274072 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2018-08-26 16:41 . 2018-08-26 16:41 248624 ----a-w- c:\windows\SysWow64\concrt140.dll
2018-08-10 15:54 . 2018-09-13 12:20 345600 ----a-w- c:\windows\system32\schannel.dll
2018-08-10 15:54 . 2018-09-13 12:20 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-08-10 15:41 . 2018-09-13 12:20 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2018-08-10 15:41 . 2018-09-13 12:20 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2018-08-10 15:39 . 2018-09-13 12:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2018-07-29 15:55 . 2018-09-13 12:20 1110528 ----a-w- c:\windows\system32\schedsvc.dll
2018-07-07 16:01 . 2018-09-13 12:20 316928 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2018-07-07 15:46 . 2018-09-13 12:20 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-07-07 15:46 . 2018-09-13 12:20 2182656 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
c:\users\Hačís\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2018-3-31 184600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 cpuz143;cpuz143;c:\windows\temp\cpuz143\cpuz143_x64.sys;c:\windows\temp\cpuz143\cpuz143_x64.sys [x]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\DRIVERS\droidcam.sys;c:\windows\SYSNATIVE\DRIVERS\droidcam.sys [x]
R3 DroidCamVideo;DroidCam Source 3;c:\windows\system32\DRIVERS\droidcamvideo.sys;c:\windows\SYSNATIVE\DRIVERS\droidcamvideo.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Metin2\GameGuard\dump_wmimmc.sys;c:\program files (x86)\Metin2\GameGuard\dump_wmimmc.sys [x]
R3 iobit_monitor_server;iobit_monitor_server;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe;c:\program files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 nfstat;nfstat;c:\windows\System32\drivers\nfstat.sys;c:\windows\SYSNATIVE\drivers\nfstat.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - ZAM
*NewlyCreated* - ZAM_GUARD
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
MicroServiceGroup REG_MULTI_SZ MicroService
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2018-09-11 18388936]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{2e085fd2-a3e4-4b39-8e10-6b8d35f55244} - c:\programdata\Package Cache\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}\VC_redist.x86.exe
AddRemove-{323dad84-0974-4d90-a1c1-e006c7fdbb7d} - c:\programdata\Package Cache\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}\VC_redist.x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-Dědictví: Zajatec. Sběratelská edice - c:\program files (x86)\Alawarhry.cz\The Legacy Prisoner Collectors Edition\Uninstall.exe
AddRemove-Tma a Plamen: Ztrácené Vzpomínky. Sběratelská Edice - c:\program files (x86)\Alawarhry.cz\Darkness and Flame Missing Memories Collectors Edition\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2123216125-335965321-1693192355-1000\Software\SecuROM\License information*]
"datasecu"=hex:ab,92,58,ec,a5,54,86,40,8a,3a,63,7b,25,73,00,20,ab,74,e4,36,3c,
3b,cc,0b,86,c3,d6,85,87,90,f2,44,75,b1,56,1c,3a,fe,cd,5b,10,08,48,48,f9,12,\
"rkeysecu"=hex:8c,bc,74,a4,7d,67,37,53,c9,b9,e2,a5,16,49,07,f8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.31"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-10-02 21:59:03
ComboFix-quarantined-files.txt 2018-10-02 19:59
.
Před spuštěním: Volných bajtů: 215 733 182 464
Po spuštění: Volných bajtů: 215 198 949 376
.
- - End Of File - - 21C97C9BAE49209DFB4CAD0C05B7AA9A
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by jaro3 » 02 Oct 2018 22:41

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\users\Hačís\AppData\Roaming\hh3jieg1ucx
c:\users\Hačís\AppData\Roaming\3ce2ya4p240
c:\users\Hačís\AppData\Roaming\eygcxagbo4f
c:\users\Hačís\AppData\Roaming\00b4hxfzx5c
c:\users\Hačís\AppData\Roaming\lmrrdroejzg
c:\users\Hačís\AppData\Roaming\r3qw1xbhgw3
c:\users\Hačís\AppData\Roaming\130b0b4ocqy
c:\programdata\WjIOjGvJCfODeXVB
c:\users\Hačís\AppData\Roaming\omaefet3eym
c:\users\Hačís\AppData\Roaming\gormp5x0evs
c:\users\Hačís\AppData\Roaming\ovx0qblivpw
c:\users\Hačís\AppData\Roaming\dga0u5kmu5w
c:\program files\HJTWJO4U08
c:\users\Hačís\AppData\Roaming\aqmh13j20s2
c:\users\Hačís\AppData\Roaming\x2imgkjw3lb
c:\users\Hačís\AppData\Roaming\ygrox4kmpqc
c:\users\Hačís\AppData\Roaming\yzqlbva1lix
c:\users\Hačís\AppData\Roaming\3f4xgawjpai
c:\users\Hačís\AppData\Roaming\zpzdktybg4e
c:\users\Hačís\AppData\Roaming\4bhmymhmz3n
c:\users\Hačís\AppData\Roaming\nv4qwnmitzm
c:\users\Hačís\AppData\Roaming\1ueerqmk4fw
c:\users\Hačís\AppData\Roaming\0sx4xb2wkgg
c:\users\Hačís\AppData\Roaming\uqklxuq3bpp
c:\users\Hačís\AppData\Roaming\3eq5fibggzp
c:\users\Hačís\AppData\Roaming\wbneen3cakm
c:\users\Hačís\AppData\Roaming\mpnvprj33jn
c:\users\Hačís\AppData\Roaming\y2cdg30o154
c:\users\Hačís\AppData\Roaming\xdbjew0ebnw
c:\users\Hačís\AppData\Roaming\qfbolhfixhe
c:\users\Hačís\AppData\Roaming\kqtn35nyksr
c:\users\Hačís\AppData\Roaming\vlrxvmgpbfm
c:\users\Hačís\AppData\Roaming\2hlvkweizah
c:\users\Hačís\AppData\Roaming\daxshilvflw
c:\users\Hačís\AppData\Roaming\g2jgy3jy0cs
c:\users\Hačís\AppData\Roaming\ia1jho0rtou
c:\users\Hačís\AppData\Roaming\iwyddph33j3
c:\users\Hačís\AppData\Roaming\othmmklaufh
c:\users\Hačís\AppData\Roaming\szq0myifpwv
c:\users\Hačís\AppData\Roaming\slnv3c1pg4i
c:\users\Hačís\AppData\Roaming\4up0t3gnrhx
c:\users\Hačís\AppData\Roaming\xnikdioprop
c:\users\Hačís\AppData\Roaming\04dd3opwinq
c:\users\Hačís\AppData\Roaming\pqjhlyaij4p
c:\users\Hačís\AppData\Roaming\aiqxdp2j2ye
c:\users\Hačís\AppData\Roaming\g2hgrrek4tl
c:\users\Hačís\AppData\Roaming\chdk4rn0p2g
c:\users\Hačís\AppData\Roaming\ccxld2btr4f
c:\users\Hačís\AppData\Roaming\1rmxxtuxnj4
c:\users\Hačís\AppData\Roaming\la2vlm5mouk
c:\users\Hačís\AppData\Roaming\qubn023ut11
c:\users\Hačís\AppData\Roaming\k4e0qdqdsxf
c:\users\Hačís\AppData\Roaming\byoccsr5awv
c:\users\Hačís\AppData\Roaming\egkvyuirmvt
c:\users\Hačís\AppData\Roaming\0gxeyae45l1
c:\users\Hačís\AppData\Roaming\vw51xgv3143
c:\users\Hačís\AppData\Roaming\ch4vifxsxp0
c:\users\Hačís\AppData\Roaming\xibjq0rh1na
c:\users\Hačís\AppData\Roaming\etjzn1nrftw
c:\users\Hačís\AppData\Roaming\rfey3c0k32z
c:\users\Hačís\AppData\Roaming\0syghxusskg
c:\users\Hačís\AppData\Roaming\vlh3hsob5q0
c:\users\Hačís\AppData\Roaming\tfnjc2nuxqe
c:\users\Hačís\AppData\Roaming\tiod5uanl5r
c:\users\Hačís\AppData\Roaming\14a5ops3r2f
c:\users\Hačís\AppData\Roaming\lijia2u2as3
c:\users\Hačís\AppData\Roaming\wuyfuwi44yu
c:\users\Hačís\AppData\Roaming\osrhd1xyczz
c:\users\Hačís\AppData\Roaming\smstnl4t1xt
c:\users\Hačís\AppData\Roaming\okoapnjjegc
c:\users\Hačís\AppData\Roaming\np5iak5homj
c:\users\Hačís\AppData\Roaming\rar3a24r3eo
c:\users\Hačís\AppData\Roaming\gnnzspdulls
c:\users\Hačís\AppData\Roaming\lprqgv2eica
c:\users\Hačís\AppData\Roaming\ldflgbpnfdu
c:\users\Hačís\AppData\Roaming\zywez53rmgy
c:\users\Hačís\AppData\Roaming\22mxecvpjl5
c:\users\Hačís\AppData\Roaming\f1a11uuevi4
c:\users\Hačís\AppData\Roaming\4eqkwtq5byl
c:\users\Hačís\AppData\Roaming\aqdu3wnpf4z
c:\users\Hačís\AppData\Roaming\wow3hira2wg
c:\users\Hačís\AppData\Roaming\wj2bqs25opr
c:\windows\SysWow64\wsfhyqup

Folder::
c:\users\Hačís\AppData\Roaming\hh3jieg1ucx
c:\users\Hačís\AppData\Roaming\3ce2ya4p240
c:\users\Hačís\AppData\Roaming\eygcxagbo4f
c:\users\Hačís\AppData\Roaming\00b4hxfzx5c
c:\users\Hačís\AppData\Roaming\lmrrdroejzg
c:\users\Hačís\AppData\Roaming\r3qw1xbhgw3
c:\users\Hačís\AppData\Roaming\130b0b4ocqy
c:\programdata\WjIOjGvJCfODeXVB
c:\users\Hačís\AppData\Roaming\omaefet3eym
c:\users\Hačís\AppData\Roaming\gormp5x0evs
c:\users\Hačís\AppData\Roaming\ovx0qblivpw
c:\users\Hačís\AppData\Roaming\dga0u5kmu5w
c:\program files\HJTWJO4U08
c:\users\Hačís\AppData\Roaming\aqmh13j20s2
c:\users\Hačís\AppData\Roaming\x2imgkjw3lb
c:\users\Hačís\AppData\Roaming\ygrox4kmpqc
c:\users\Hačís\AppData\Roaming\yzqlbva1lix
c:\users\Hačís\AppData\Roaming\3f4xgawjpai
c:\users\Hačís\AppData\Roaming\zpzdktybg4e
c:\users\Hačís\AppData\Roaming\4bhmymhmz3n
c:\users\Hačís\AppData\Roaming\nv4qwnmitzm
c:\users\Hačís\AppData\Roaming\1ueerqmk4fw
c:\users\Hačís\AppData\Roaming\0sx4xb2wkgg
c:\users\Hačís\AppData\Roaming\uqklxuq3bpp
c:\users\Hačís\AppData\Roaming\3eq5fibggzp
c:\users\Hačís\AppData\Roaming\wbneen3cakm
c:\users\Hačís\AppData\Roaming\mpnvprj33jn
c:\users\Hačís\AppData\Roaming\y2cdg30o154
c:\users\Hačís\AppData\Roaming\xdbjew0ebnw
c:\users\Hačís\AppData\Roaming\qfbolhfixhe
c:\users\Hačís\AppData\Roaming\kqtn35nyksr
c:\users\Hačís\AppData\Roaming\vlrxvmgpbfm
c:\users\Hačís\AppData\Roaming\2hlvkweizah
c:\users\Hačís\AppData\Roaming\daxshilvflw
c:\users\Hačís\AppData\Roaming\g2jgy3jy0cs
c:\users\Hačís\AppData\Roaming\ia1jho0rtou
c:\users\Hačís\AppData\Roaming\iwyddph33j3
c:\users\Hačís\AppData\Roaming\othmmklaufh
c:\users\Hačís\AppData\Roaming\szq0myifpwv
c:\users\Hačís\AppData\Roaming\slnv3c1pg4i
c:\users\Hačís\AppData\Roaming\4up0t3gnrhx
c:\users\Hačís\AppData\Roaming\xnikdioprop
c:\users\Hačís\AppData\Roaming\04dd3opwinq
c:\users\Hačís\AppData\Roaming\pqjhlyaij4p
c:\users\Hačís\AppData\Roaming\aiqxdp2j2ye
c:\users\Hačís\AppData\Roaming\g2hgrrek4tl
c:\users\Hačís\AppData\Roaming\chdk4rn0p2g
c:\users\Hačís\AppData\Roaming\ccxld2btr4f
c:\users\Hačís\AppData\Roaming\1rmxxtuxnj4
c:\users\Hačís\AppData\Roaming\la2vlm5mouk
c:\users\Hačís\AppData\Roaming\qubn023ut11
c:\users\Hačís\AppData\Roaming\k4e0qdqdsxf
c:\users\Hačís\AppData\Roaming\byoccsr5awv
c:\users\Hačís\AppData\Roaming\egkvyuirmvt
c:\users\Hačís\AppData\Roaming\0gxeyae45l1
c:\users\Hačís\AppData\Roaming\vw51xgv3143
c:\users\Hačís\AppData\Roaming\ch4vifxsxp0
c:\users\Hačís\AppData\Roaming\xibjq0rh1na
c:\users\Hačís\AppData\Roaming\etjzn1nrftw
c:\users\Hačís\AppData\Roaming\rfey3c0k32z
c:\users\Hačís\AppData\Roaming\0syghxusskg
c:\users\Hačís\AppData\Roaming\vlh3hsob5q0
c:\users\Hačís\AppData\Roaming\tfnjc2nuxqe
c:\users\Hačís\AppData\Roaming\tiod5uanl5r
c:\users\Hačís\AppData\Roaming\14a5ops3r2f
c:\users\Hačís\AppData\Roaming\lijia2u2as3
c:\users\Hačís\AppData\Roaming\wuyfuwi44yu
c:\users\Hačís\AppData\Roaming\osrhd1xyczz
c:\users\Hačís\AppData\Roaming\smstnl4t1xt
c:\users\Hačís\AppData\Roaming\okoapnjjegc
c:\users\Hačís\AppData\Roaming\np5iak5homj
c:\users\Hačís\AppData\Roaming\rar3a24r3eo
c:\users\Hačís\AppData\Roaming\gnnzspdulls
c:\users\Hačís\AppData\Roaming\lprqgv2eica
c:\users\Hačís\AppData\Roaming\ldflgbpnfdu
c:\users\Hačís\AppData\Roaming\zywez53rmgy
c:\users\Hačís\AppData\Roaming\22mxecvpjl5
c:\users\Hačís\AppData\Roaming\f1a11uuevi4
c:\users\Hačís\AppData\Roaming\4eqkwtq5byl
c:\users\Hačís\AppData\Roaming\aqdu3wnpf4z
c:\users\Hačís\AppData\Roaming\wow3hira2wg
c:\users\Hačís\AppData\Roaming\wj2bqs25opr
c:\windows\SysWow64\wsfhyqup

DDS::
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.31"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After applying ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.


In Folder Options, enable the display of hidden files and folders + uncheck the box Hide protected operating system files.

Test this on Virustotal (https://www.virustotal.com/#/home/upload):
c:\windows\SYSNATIVE\drivers\nfstat.sys

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my HJT log

Post by standacich » 02 Oct 2018 23:13

c:\windows\SYSNATIVE\drivers\nfstat.sys

I can't find it on the PC


Re: Please check my HJT log

Post by jaro3 » 03 Oct 2018 19:21

Then we'll try to find it; in the meantime, run that script.


Re: Please check my HJT log

Post by standacich » 03 Oct 2018 22:22

ComboFix 18-08-08.01 - Hačís 02.10.2018 22:57:21.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3256.2130 [GMT 2:00]
Spuštěný z: c:\users\HaŔÝs\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\HaŔÝs\Desktop\CFScript.txt
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\PFRO.log
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-09-02 do 2018-10-02 )))))))))))))))))))))))))))))))
.
.
2018-10-02 21:02 . 2018-10-02 21:02 -------- d-----w- c:\users\HAS~2\AppData\Local\temp
2018-10-02 21:02 . 2018-10-02 21:02 -------- d-----w- c:\users\Děti\AppData\Local\temp
2018-10-02 21:02 . 2018-10-02 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-10-02 19:31 . 2018-10-02 19:31 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2018-10-02 19:31 . 2018-10-02 19:31 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2018-10-02 19:31 . 2018-10-02 19:31 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-10-02 19:31 . 2018-10-02 19:31 -------- d-----w- c:\users\Hačís\AppData\Local\Zemana
2018-10-02 19:21 . 2014-02-13 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2018-10-02 19:21 . 2018-10-02 21:02 -------- d-----w- c:\users\Hačís\AppData\Local\Temp
2018-10-02 18:58 . 2018-10-02 19:17 -------- d-----w- C:\zoek_backup
2018-10-02 17:40 . 2018-10-02 18:33 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-10-02 17:39 . 2018-10-02 18:01 -------- d-----w- c:\programdata\RogueKiller
2018-10-02 16:06 . 2018-10-02 16:06 -------- d-----w- c:\program files (x86)\Sophos
2018-10-02 01:12 . 2018-09-24 21:29 14652992 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14FDBB55-D48E-4047-80F8-5EA53C4C20DF}\mpengine.dll
2018-09-30 16:19 . 2018-09-30 16:19 -------- d-----w- c:\programdata\Sophos
2018-09-30 16:07 . 2018-09-30 16:07 -------- d-----w- c:\users\Děti\AppData\Roaming\Adobe
2018-09-30 15:56 . 2018-09-30 15:56 -------- d-----w- c:\users\Děti\AppData\Local\mbamtray
2018-09-30 15:45 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\hh3jieg1ucx
2018-09-30 15:38 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\3ce2ya4p240
2018-09-30 15:30 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\eygcxagbo4f
2018-09-30 15:29 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\00b4hxfzx5c
2018-09-30 15:07 . 2018-10-02 15:31 -------- d-----w- c:\users\Hačís\AppData\Roaming\lmrrdroejzg
2018-09-30 12:16 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\r3qw1xbhgw3
2018-09-30 12:07 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\130b0b4ocqy
2018-09-30 12:01 . 2018-09-30 12:01 -------- d-----w- c:\programdata\WjIOjGvJCfODeXVB
2018-09-30 11:56 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\omaefet3eym
2018-09-30 11:56 . 2018-09-30 16:34 -------- d-----w- c:\users\Hačís\AppData\Roaming\gormp5x0evs
2018-09-30 11:27 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\ovx0qblivpw
2018-09-30 11:16 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\dga0u5kmu5w
2018-09-30 11:11 . 2018-09-30 11:14 -------- d-----w- c:\program files\HJTWJO4U08
2018-09-30 11:11 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\aqmh13j20s2
2018-09-30 11:06 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\x2imgkjw3lb
2018-09-30 10:55 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\ygrox4kmpqc
2018-09-30 10:41 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\yzqlbva1lix
2018-09-30 10:26 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\3f4xgawjpai
2018-09-30 10:16 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\zpzdktybg4e
2018-09-30 10:06 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\4bhmymhmz3n
2018-09-30 09:56 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\nv4qwnmitzm
2018-09-30 09:55 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\1ueerqmk4fw
2018-09-30 09:41 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\0sx4xb2wkgg
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\uqklxuq3bpp
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\3eq5fibggzp
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\wbneen3cakm
2018-09-30 09:19 . 2018-09-30 16:33 -------- d-----w- c:\users\Hačís\AppData\Roaming\mpnvprj33jn
2018-09-30 09:14 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\y2cdg30o154
2018-09-30 09:14 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\xdbjew0ebnw
2018-09-30 09:14 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\qfbolhfixhe
2018-09-30 09:11 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\kqtn35nyksr
2018-09-30 09:09 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\vlrxvmgpbfm
2018-09-30 09:09 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\2hlvkweizah
2018-09-30 09:08 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\daxshilvflw
2018-09-30 09:08 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\g2jgy3jy0cs
2018-09-30 09:08 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\ia1jho0rtou
2018-09-30 09:07 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\iwyddph33j3
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\othmmklaufh
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\szq0myifpwv
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\slnv3c1pg4i
2018-09-30 08:56 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\4up0t3gnrhx
2018-09-30 08:55 . 2018-09-30 16:32 -------- d-----w- c:\users\Hačís\AppData\Roaming\xnikdioprop
2018-09-30 08:17 . 2018-09-30 08:17 -------- d-----w- c:\users\Hačís\AppData\Local\mbam
2018-09-30 08:15 . 2018-09-11 11:18 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-30 08:15 . 2018-09-30 08:15 -------- d-----w- c:\programdata\Malwarebytes
2018-09-30 08:15 . 2018-09-30 08:15 -------- d-----w- c:\program files\Malwarebytes
2018-09-29 19:03 . 2018-10-02 15:27 -------- d-----w- C:\AdwCleaner
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\04dd3opwinq
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\pqjhlyaij4p
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\aiqxdp2j2ye
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\g2hgrrek4tl
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\chdk4rn0p2g
2018-09-29 15:40 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\ccxld2btr4f
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\1rmxxtuxnj4
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\la2vlm5mouk
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\qubn023ut11
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\k4e0qdqdsxf
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\byoccsr5awv
2018-09-29 15:34 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\egkvyuirmvt
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\0gxeyae45l1
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\vw51xgv3143
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\ch4vifxsxp0
2018-09-29 15:29 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\xibjq0rh1na
2018-09-29 15:26 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\etjzn1nrftw
2018-09-29 15:26 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\rfey3c0k32z
2018-09-29 15:23 . 2018-09-29 15:25 -------- d-----w- c:\users\Hačís\AppData\Roaming\0syghxusskg
2018-09-29 15:23 . 2018-09-29 15:25 -------- d-----w- c:\users\Hačís\AppData\Roaming\vlh3hsob5q0
2018-09-29 15:17 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\tfnjc2nuxqe
2018-09-29 15:17 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\tiod5uanl5r
2018-09-29 15:17 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\14a5ops3r2f
2018-09-29 15:12 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\lijia2u2as3
2018-09-29 15:11 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\wuyfuwi44yu
2018-09-29 15:11 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\osrhd1xyczz
2018-09-29 15:04 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\smstnl4t1xt
2018-09-29 15:04 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\okoapnjjegc
2018-09-29 15:04 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\np5iak5homj
2018-09-29 14:57 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\rar3a24r3eo
2018-09-29 14:56 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\gnnzspdulls
2018-09-29 14:56 . 2018-09-30 08:49 -------- d-----w- c:\users\Hačís\AppData\Roaming\lprqgv2eica
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\users\Hačís\AppData\Local\Xara
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\users\Hačís\AppData\Roaming\MAGIX
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2018-09-29 14:50 . 2018-09-29 14:50 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2018-09-29 14:46 . 2018-09-30 10:16 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2018-09-29 14:46 . 2018-09-30 09:15 -------- d-----w- c:\programdata\MAGIX
2018-09-29 14:41 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\ldflgbpnfdu
2018-09-29 14:41 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\zywez53rmgy
2018-09-29 14:41 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\22mxecvpjl5
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\f1a11uuevi4
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\4eqkwtq5byl
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\aqdu3wnpf4z
2018-09-29 14:40 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\wow3hira2wg
2018-09-29 14:39 . 2018-09-30 08:48 -------- d-----w- c:\users\Hačís\AppData\Roaming\wj2bqs25opr
2018-09-29 14:39 . 2018-10-02 15:49 -------- d-----w- c:\program files (x86)\Full
2018-09-29 14:35 . 2018-10-02 15:49 -------- d-----w- c:\windows\SysWow64\wsfhyqup
2018-09-29 14:33 . 2018-09-29 14:33 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2018-09-29 14:25 . 2018-09-29 14:25 -------- d-----w- c:\programdata\AVS4YOU
2018-09-29 14:24 . 2018-09-29 14:24 -------- d-----w- c:\users\Hačís\AppData\Roaming\AVS4YOU
2018-09-29 14:22 . 2018-09-29 14:23 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2018-09-29 14:22 . 2018-09-29 14:23 -------- d-----w- c:\program files (x86)\AVS4YOU
2018-09-29 14:22 . 2011-06-23 10:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2018-09-29 14:22 . 2011-06-23 10:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2018-09-29 14:10 . 2018-09-29 14:10 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2018-09-29 14:10 . 2018-09-29 14:10 -------- d-----w- c:\program files (x86)\Corel
2018-09-29 14:06 . 2018-09-29 14:10 -------- d-----w- c:\program files\Corel
2018-09-29 07:37 . 2018-09-29 07:37 -------- d-----w- c:\program files (x86)\Ecru
2018-09-29 07:35 . 2018-09-29 07:35 -------- d-----w- c:\users\Hačís\AppData\Roaming\Ecru
2018-09-27 18:16 . 2018-09-27 18:16 -------- d-----w- c:\program files\Common Files\DESIGNER
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-10-02 20:05 . 2017-11-19 02:20 65536 ----a-w- c:\windows\system32\spu_storage.bin
2018-09-27 18:12 . 2018-03-31 17:29 5731920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2018-09-13 18:19 . 2017-11-19 02:02 139184408 -c--a-w- c:\windows\system32\MRT.exe
2018-09-11 17:37 . 2017-11-16 20:12 120208 ----a-w- c:\windows\system32\RTNUninst64.dll
2018-09-11 16:31 . 2017-11-16 21:10 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-09-11 16:31 . 2017-11-16 21:10 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-08-26 16:41 . 2018-08-26 16:41 89248 ----a-w- c:\windows\system32\vcruntime140.dll
2018-08-26 16:41 . 2018-08-26 16:41 87352 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2018-08-26 16:41 . 2018-08-26 16:41 675984 ----a-w- c:\windows\system32\msvcp140.dll
2018-08-26 16:41 . 2018-08-26 16:41 457512 ----a-w- c:\windows\SysWow64\msvcp140.dll
2018-08-26 16:41 . 2018-08-26 16:41 386712 ----a-w- c:\windows\system32\vccorlib140.dll
2018-08-26 16:41 . 2018-08-26 16:41 343192 ----a-w- c:\windows\system32\concrt140.dll
2018-08-26 16:41 . 2018-08-26 16:41 31896 ----a-w- c:\windows\system32\msvcp140_1.dll
2018-08-26 16:41 . 2018-08-26 16:41 28472 ----a-w- c:\windows\SysWow64\msvcp140_1.dll
2018-08-26 16:41 . 2018-08-26 16:41 274072 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2018-08-26 16:41 . 2018-08-26 16:41 248624 ----a-w- c:\windows\SysWow64\concrt140.dll
2018-08-10 15:54 . 2018-09-13 12:20 345600 ----a-w- c:\windows\system32\schannel.dll
2018-08-10 15:54 . 2018-09-13 12:20 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-08-10 15:41 . 2018-09-13 12:20 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2018-08-10 15:41 . 2018-09-13 12:20 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2018-08-10 15:39 . 2018-09-13 12:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2018-07-29 15:55 . 2018-09-13 12:20 1110528 ----a-w- c:\windows\system32\schedsvc.dll
2018-07-07 16:01 . 2018-09-13 12:20 316928 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2018-07-07 15:46 . 2018-09-13 12:20 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-07-07 15:46 . 2018-09-13 12:20 2182656 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-03-31 17:39 1602248 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
c:\users\Hačís\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2018-3-31 184600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 cpuz143;cpuz143;c:\windows\temp\cpuz143\cpuz143_x64.sys;c:\windows\temp\cpuz143\cpuz143_x64.sys [x]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\DRIVERS\droidcam.sys;c:\windows\SYSNATIVE\DRIVERS\droidcam.sys [x]
R3 DroidCamVideo;DroidCam Source 3;c:\windows\system32\DRIVERS\droidcamvideo.sys;c:\windows\SYSNATIVE\DRIVERS\droidcamvideo.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Metin2\GameGuard\dump_wmimmc.sys;c:\program files (x86)\Metin2\GameGuard\dump_wmimmc.sys [x]
R3 iobit_monitor_server;iobit_monitor_server;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe;c:\program files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 nfstat;nfstat;c:\windows\System32\drivers\nfstat.sys;c:\windows\SYSNATIVE\drivers\nfstat.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - WS2IFSL
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
MicroServiceGroup REG_MULTI_SZ MicroService
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-03-31 17:39 1659072 ----a-w- c:\users\Hačís\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2018-09-11 18388936]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{2e085fd2-a3e4-4b39-8e10-6b8d35f55244} - c:\programdata\Package Cache\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}\VC_redist.x86.exe
AddRemove-{323dad84-0974-4d90-a1c1-e006c7fdbb7d} - c:\programdata\Package Cache\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}\VC_redist.x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2123216125-335965321-1693192355-1000\Software\SecuROM\License information*]
"datasecu"=hex:ab,92,58,ec,a5,54,86,40,8a,3a,63,7b,25,73,00,20,ab,74,e4,36,3c,
3b,cc,0b,86,c3,d6,85,87,90,f2,44,75,b1,56,1c,3a,fe,cd,5b,10,08,48,48,f9,12,\
"rkeysecu"=hex:8c,bc,74,a4,7d,67,37,53,c9,b9,e2,a5,16,49,07,f8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.31"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-10-02 23:04:52
ComboFix-quarantined-files.txt 2018-10-02 21:04
ComboFix2.txt 2018-10-02 19:59
.
Před spuštěním: Volných bajtů: 214 868 946 944
Po spuštění: Volných bajtů: 214 539 259 904
.
- - End Of File - - 4B2A32301B31A13B6A400AF89A0C3E09
A36C5E4F47E84449FF07ED3517B43A31


Re: Please check my HJT log

Post by standacich » 03 Oct 2018 22:22

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:20:59, on 3.10.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.19104)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Hačís\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 8480 bytes

