Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 27. 10. 2014
Cas skenování: 15:59:59
Protokol: log.txt
Správce: Ano
Verze: 2.00.3.1025
Databáze malwaru: v2014.10.27.03
Databáze rootkitu: v2014.10.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows 8
CPU: x86
Souborový systém: NTFS
Uživatel: Radek
Typ skenu: Sken hrozeb
Výsledek: Dokonceno
Prohledaných objektu: 356495
Uplynulý cas: 46 min, 25 sek
Pamet: Zapnuto
Po spuštení: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjišteny položek)
Moduly: 0
(Žádné zákerné zjišteny položek)
Klíce registru: 11
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, , [a20d45d46814f73fda06eeb41de44bb5],
PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SEARCHPROTECTION.EXE, , [139c8792e696e353e541288933ce17e9],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3534537208-2187551088-1508768168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [8b241108275570c69e2773339072fa06],
PUP.Optional.Spigot, HKU\S-1-5-21-3534537208-2187551088-1508768168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection, , [a20d55c45c2061d5e53f2c85d52cef11],
PUP.Optional.VOPackage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [505f33e614687abcbd96200307fcad53],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [b6f95cbd81fb40f6c5fb3b597c88b34d],
PUP.Optional.SafetyNut.A, HKLM\SOFTWARE\SAFETYNUT, , [1897fd1cb5c7b77f52b39cda0cf86898],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT, , [4e6176a3bebe8fa70016e552847fa759],
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-3534537208-2187551088-1508768168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [6e41a970730989ad2fffc492986b09f7],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3534537208-2187551088-1508768168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [525dde3ba7d58ea884091039b94a867a],
Hodnoty registru: 4
PUP.Optional.Spigot, HKU\S-1-5-21-3534537208-2187551088-1508768168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtection, "C:\Users\Radek\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart, , [139c8792e696e353e541288933ce17e9]
PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Radek\AppData\Roaming\VOPackage\uninstall.exe", , [9d12f32669131b1b5c0cfb37f310d32d]
PUP.Optional.SafetyNut.A, HKLM\SOFTWARE\SAFETYNUT|browser, cr, , [1897fd1cb5c7b77f52b39cda0cf86898]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT|InstallDir, C:\PROGRA~1\SearchProtect, , [4e6176a3bebe8fa70016e552847fa759]
Data registru: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-3534537208-2187551088-1508768168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT332219 ... C699&SSPV=, Dobré: (www.google.com), Špatné: (http://www.trovi.com/?gd=&ctid=CT332219 ... C699&SSPV=),,[743b9485afcd1b1b7e7648db24e19c64]
Složky: 32
PUP.Optional.VOPackage.A, C:\Users\Radek\AppData\Roaming\VOPackage, , [505f33e614687abcbd96200307fcad53],
PUP.Optional.VOPackage, C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, , [317e71a8c9b3e452eb7ed85a28dbe818],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\rep, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\rep, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.OpenCandy, C:\Users\Radek\AppData\Roaming\OpenCandy, , [8c23a970b9c31224f2a4e21143bf48b8],
PUP.Optional.OpenCandy, C:\Users\Radek\AppData\Roaming\OpenCandy\75FF1FECCFC845ECA5BBF179B0F1340D, , [8c23a970b9c31224f2a4e21143bf48b8],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\SearchProtect, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\SearchProtect\rep, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\SearchProtect\STG, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\UI, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\UI\rep, , [337c77a20478a690978ef11873909f61],
PUP.Optional.Extutil.A, C:\Users\Radek\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [6649ba5fd7a5e74fc4b357b44bb8c838],
PUP.Optional.Managera.A, C:\Users\Radek\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [664969b0bac261d5a1d7da31679c659b],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut, , [6b443adf2f4d2115b86067a8e122748c],
Soubory: 125
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe, , [a20d45d46814f73fda06eeb41de44bb5],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe, , [f2bd43d687f5290d8060c1e1c04107f9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin\cltmngui.exe, , [416edc3d4c3061d51fc1b5ed1be6c43c],
PUP.Optional.Spigot, C:\Users\Radek\AppData\Roaming\Search Protection\SearchProtection.exe, , [139c8792e696e353e541288933ce17e9],
PUP.Optional.Spigot, C:\Users\Radek\AppData\Roaming\Search Protection\Uninstall.exe, , [a20d55c45c2061d5e53f2c85d52cef11],
Malware.Packer.Gen, C:\Program Files\Windows Movie Maker\WMM2EXT.dll, , [09a6d4452458d36302f82b363bc5b749],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\Temp\nsp1400.tmp, , [f3bc0019cfad3bfb70707e248e73c63a],
PUP.Optional.Conduit.A, C:\Users\Radek\AppData\Local\Temp\nsu4925.exe, , [1e91ff1a4a324fe7e2dea2f60ef3649c],
PUP.Optional.Conduit.A, C:\Users\Radek\AppData\Local\Temp\nsu96DB.exe, , [a40b31e8017b70c6853be1b7669b768a],
PUP.Optional.Somoto, C:\Users\Radek\AppData\Local\Temp\nsc7CC2.tmp, , [3e7164b5bcc0b77f5080e3cd0bf65aa6],
PUP.Optional.Conduit.A, C:\Users\Radek\AppData\Local\Temp\nsj40AB.exe, , [edc2fc1ddba19b9b1ea260384eb31de3],
PUP.Optional.Conduit.A, C:\Users\Radek\AppData\Local\Temp\nsk8CDC.exe, , [7e3193862458fc3af9c7edab7a87cc34],
PUP.Optional.Spigot, C:\Users\Radek\AppData\Local\Temp\~sp3A26.tmp, , [1897d742eb91ce682202733e29d854ac],
PUP.Optional.Somoto, C:\Users\Radek\AppData\Local\Temp\bitool.dll, , [f9b6ef2ae8946ec85ef0db9990728080],
PUP.Optional.Softonic.A, C:\Users\Radek\AppData\Local\Temp\Softonic_EN_1-5-11_EN-Production_10_CleanRelease.exe, , [f8b7af6a5e1e54e2ffe7d9dd3fc2f60a],
PUP.Optional.OpenCandy, C:\Users\Radek\AppData\Local\Temp\nsm6930.tmp\OCSetupHlp.dll, , [99168a8fa5d769cd9dbf4f05b3520cf4],
PUP.Optional.OpenCandy, C:\Users\Radek\AppData\Local\Temp\nsc676C.tmp\DTLite.exe, , [ab04031603799c9a23392e26dc296799],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsh516D.exe, , [07a8e039403c92a4318f7820a55c2cd4],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsh877B.exe, , [783789900b71f4425c643e5ab34e5ca4],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsh94C8.exe, , [0ea1f821b7c585b111af2870f60bd52b],
PUP.Optional.Conduit.A, C:\Windows\Temp\nshA289.exe, , [b4fb0910215b8babd8e822764cb57c84],
PUP.Optional.Conduit.A, C:\Windows\Temp\nshDBD2.exe, , [fab5e1384834cc6a10b0e7b1a8594db3],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsmA961.exe, , [208fca4f99e3a98d9927d8c0a55c1ae6],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsmCFC0.exe, , [545b0e0b7a02b77f0eb2b2e6827fbe42],
PUP.Optional.Conduit.A, C:\Windows\Temp\nssF205.exe, , [c3ec23f6fb815ed890307c1cb74af010],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx85A7.exe, , [baf5180188f477bf843c01971fe224dc],
PUP.Optional.Conduit.A, C:\Windows\Temp\nscA5C9.exe, , [dbd44bce8af256e0269a4652dd24af51],
PUP.Optional.VOPackage.A, C:\Users\Radek\AppData\Roaming\VOPackage\Uninstall.exe, , [505f33e614687abcbd96200307fcad53],
PUP.Optional.VOPackage.A, C:\Users\Radek\AppData\Roaming\VOPackage\VOPackage.exe, , [505f33e614687abcbd96200307fcad53],
PUP.Optional.VOPackage, C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk, , [317e71a8c9b3e452eb7ed85a28dbe818],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\EULA.txt, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\SPTool.dll, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\uninstall.exe, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings.html, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\style.css, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.css, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.html, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\defaults.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def-grey.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-dia.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-uninstall.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\button-bg.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\v.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\x.png, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\main.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js, , [06a9cd4c92eae650375de298768e28d8],
PUP.Optional.OpenCandy, C:\Users\Radek\AppData\Roaming\OpenCandy\75FF1FECCFC845ECA5BBF179B0F1340D\avg_tuht_stf_cs_2014_206_CZ.exe, , [8c23a970b9c31224f2a4e21143bf48b8],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [337c77a20478a690978ef11873909f61],
PUP.Optional.SearchProtect.A, C:\Users\Radek\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [337c77a20478a690978ef11873909f61],
PUP.Optional.Extutil.A, C:\Users\Radek\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [6649ba5fd7a5e74fc4b357b44bb8c838],
PUP.Optional.Extutil.A, C:\Users\Radek\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [6649ba5fd7a5e74fc4b357b44bb8c838],
PUP.Optional.Extutil.A, C:\Users\Radek\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [6649ba5fd7a5e74fc4b357b44bb8c838],
PUP.Optional.Managera.A, C:\Users\Radek\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [664969b0bac261d5a1d7da31679c659b],
PUP.Optional.Managera.A, C:\Users\Radek\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [664969b0bac261d5a1d7da31679c659b],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\configmgrc1.cfg, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\del_DM_LL_nsa43E.dll, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\favicon.ico, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\safetyChrome.dll, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\safetycrt.dll, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\safetyldr.dll, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\safetyldr_u.dll, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\safetynut.dll, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\safetynut.exe, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe, , [6b443adf2f4d2115b86067a8e122748c],
PUP.Optional.Ask.A, C:\Program Files\Browser Tab Search by Ask\SafetyNut\safetynut_ie.dll, , [6b443adf2f4d2115b86067a8e122748c],
Fyzické sektory: 0
(Žádné zákerné zjišteny položek)
(end)
Detections in MBAM and lag
- jaro3
- Security team member
Re: Detections in MBAM and lag
Post a log from HJT:
viewtopic.php?f=70&t=5119
Run MbAM again and choose Scan Now (Skenovat nyní)
- When the program finishes, a prompt appears; click "Quarantine All (Remove Selected)" (Vše do karantény (smazat vybrané)), then "Export Log" (Exportovat záznam) and choose "text file" (textový soubor). Give the file a name and save it somewhere. Copy the entire contents of that log here.
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can delete the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan" (Prohledat)
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Ghost27
Re: Detections in MBAM and lag
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 29. 10. 2014
Cas skenování: 7:13:21
Protokol: mbam.txt
Správce: Ano
Verze: 2.00.3.1025
Databáze malwaru: v2014.10.29.03
Databáze rootkitu: v2014.10.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows 8
CPU: x86
Souborový systém: NTFS
Uživatel: Radek
Typ skenu: Sken hrozeb
Výsledek: Dokonceno
Prohledaných objektu: 356660
Uplynulý cas: 26 min, 20 sek
Pamet: Zapnuto
Po spuštení: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjišteny položek)
Moduly: 0
(Žádné zákerné zjišteny položek)
Klíce registru: 0
(Žádné zákerné zjišteny položek)
Hodnoty registru: 0
(Žádné zákerné zjišteny položek)
Data registru: 0
(Žádné zákerné zjišteny položek)
Složky: 0
(Žádné zákerné zjišteny položek)
Soubory: 0
(Žádné zákerné zjišteny položek)
Fyzické sektory: 0
(Žádné zákerné zjišteny položek)
(end)
# AdwCleaner v4.002 - Report created 29/10/2014 at 12:12:30
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows 8 Enterprise Evaluation (32 bits)
# Username : Radek - HOME
# Running from : C:\Users\Radek\Downloads\adwcleaner_4.002.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files\GreenTree Applications
Folder Found : C:\Program Files\PANDORA.TV
Folder Found : C:\ProgramData\SafetyNut
Folder Found : C:\Users\Radek\AppData\Roaming\Search Protection
Folder Found : C:\Users\Radek\AppData\Roaming\VOPackage
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Found : HKCU\Software\SafetyNut
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtection]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17116
-\\ Mozilla Firefox v
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [4457 octets] - [29/10/2014 12:12:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4517 octets] ##########
www.malwarebytes.org
Datum skenování: 29. 10. 2014
Cas skenování: 7:13:21
Protokol: mbam.txt
Správce: Ano
Verze: 2.00.3.1025
Databáze malwaru: v2014.10.29.03
Databáze rootkitu: v2014.10.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows 8
CPU: x86
Souborový systém: NTFS
Uživatel: Radek
Typ skenu: Sken hrozeb
Výsledek: Dokonceno
Prohledaných objektu: 356660
Uplynulý cas: 26 min, 20 sek
Pamet: Zapnuto
Po spuštení: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjišteny položek)
Moduly: 0
(Žádné zákerné zjišteny položek)
Klíce registru: 0
(Žádné zákerné zjišteny položek)
Hodnoty registru: 0
(Žádné zákerné zjišteny položek)
Data registru: 0
(Žádné zákerné zjišteny položek)
Složky: 0
(Žádné zákerné zjišteny položek)
Soubory: 0
(Žádné zákerné zjišteny položek)
Fyzické sektory: 0
(Žádné zákerné zjišteny položek)
(end)
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: detection in MBAM and lags
Post a log from HJT:
viewtopic.php?f=70&t=5119
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator" (Spustit jako správce)),
click "Prohledat-Scan"; after the scan, click "Vymazat-Clean".
The program will perform the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt), paste its entire contents here.
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check (Kontrola MBR)
Faked check (Kontrola Faked)
Antirootkit
- Then click "Scan" (Prohledat).
- The program scans the PC's processes. After the scan, click "Report" (Zpráva) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not run and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Ghost27
- Level 1
- Posts: 52
- Registered: November 13
- Location: Prague
- Status: Offline
Re: detection in MBAM and lags
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:38:44, on 2. 11. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17116)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhostex.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Optimizer\avasts.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Radek\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Call of Duty - Black Ops\BlackOps.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera_crashreporter.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Program Files\Opera\25.0.1614.68\opera.exe
C:\Windows\system32\wwahost.exe
C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4396.311_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Radek\Downloads\HijackThis.exe
C:\Users\Radek\Desktop\Czechboy - pc help\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Radek\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Radek\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SearchProtection] "C:\Users\Radek\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Radek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\KMPService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: Windows Virtual Network (WindowsVNT) - MicroStudio - C:\Program Files\Windows Network Accelerater\winvxm.exe
O23 - Service: Windows Optimizer (Windows_Optimizer) - MicroTools - C:\Program Files\Windows Optimizer\optimizer.exe
--
End of file - 7208 bytes
# AdwCleaner v4.002 - Report created 02/11/2014 at 10:13:30
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 8 Enterprise Evaluation (32 bits)
# Username : Radek - HOME
# Running from : C:\Users\Radek\Desktop\Czechboy - pc help\adwcleaner_4.002.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\ProgramData\SafetyNut
Folder Deleted : C:\Users\Radek\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Radek\AppData\Roaming\VOPackage
Folder Deleted : C:\Program Files\PANDORA.TV
Folder Deleted : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtection]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKCU\Software\SafetyNut
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17116
-\\ Mozilla Firefox v
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [4597 octets] - [29/10/2014 12:12:30]
AdwCleaner[R1].txt - [4795 octets] - [02/11/2014 09:39:15]
AdwCleaner[R2].txt - [4855 octets] - [02/11/2014 09:50:31]
AdwCleaner[S0].txt - [4428 octets] - [02/11/2014 10:13:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4488 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8 Enterprise Evaluation x86
Ran by Radek on ne 02. 11. 2014 at 10:24:19,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
~~~ Files
Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3534537208-2187551088-1508768168-1001
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 02. 11. 2014 at 10:36:54,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17116
-\\ Mozilla Firefox v
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [4597 octets] - [29/10/2014 12:12:30]
AdwCleaner[R1].txt - [4795 octets] - [02/11/2014 09:39:15]
AdwCleaner[R2].txt - [4855 octets] - [02/11/2014 09:50:31]
AdwCleaner[S0].txt - [4428 octets] - [02/11/2014 10:13:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4488 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8 Enterprise Evaluation x86
Ran by Radek on ne 02. 11. 2014 at 10:24:19,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
~~~ Files
Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3534537208-2187551088-1508768168-1001
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 02. 11. 2014 at 10:36:54,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- jaro3
- Security team member
Re: MBAM detection and lags
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
Check MBR
Check Faked
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Ghost27
Re: MBAM detection and lags
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8 (6.2.9200 ) 32 bits version
Spuštěno : Normální režim
Uživatel : Radek [Práva správce]
Mód : Prohledat -- Datum : 11/02/2014 12:51:32
¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] s_inst.exe -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] HWMonitor.exe -- C:\Users\Radek\Desktop\Czechboy - pc help\HWMonitor.exe[7] -> Zastaveno [TermProc]
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Radek\AppData\Local\Temp\catchme.sys) -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt (System32\drivers\tsusbflt.sys) -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VerifierExt (system32\drivers\VerifierExt.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Radek\AppData\Local\Temp\catchme.sys) -> Nalezeno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3534537208-2187551088-1508768168-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] newSI_504.job -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Nalezeno
[Suspicious.Path] \\newSI_504 -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 142 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] nahd6ha2.default : user_pref("browser.startup.homepage", "http://www.yandex.ru/?win=135&clid=1989595"); -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
--- User ---
[MBR] 5f1aa31adacdb11782dba491e9b257e7
[BSP] ec6a8d6f773b4c9ee06ddc615d818d5c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 488376000 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8 (6.2.9200 ) 32 bits version
Spuštěno : Normální režim
Uživatel : Radek [Práva správce]
Mód : Prohledat -- Datum : 11/02/2014 12:51:32
¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] s_inst.exe -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] HWMonitor.exe -- C:\Users\Radek\Desktop\Czechboy - pc help\HWMonitor.exe[7] -> Zastaveno [TermProc]
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Radek\AppData\Local\Temp\catchme.sys) -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt (System32\drivers\tsusbflt.sys) -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VerifierExt (system32\drivers\VerifierExt.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Radek\AppData\Local\Temp\catchme.sys) -> Nalezeno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3534537208-2187551088-1508768168-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] newSI_504.job -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Nalezeno
[Suspicious.Path] \\newSI_504 -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 142 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] nahd6ha2.default : user_pref("browser.startup.homepage", "http://www.yandex.ru/?win=135&clid=1989595"); -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
--- User ---
[MBR] 5f1aa31adacdb11782dba491e9b257e7
[BSP] ec6a8d6f773b4c9ee06ddc615d818d5c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 488376000 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK
- Orcus
- Security team member
Re: detection in MBAM and lags
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Wait until the status window shows "Prohledat" (Scan)
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes).
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deleting finished)
- Click "Zpráva" (Report), then copy the contents of the report and paste them here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
====================================================
Download
Zoek.exe
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black screen may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

- Ghost27
Re: detection in MBAM and lags
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8 (6.2.9200 ) 32 bits version
Spuštěno : Normální režim
Uživatel : Radek [Práva správce]
Mód : Smazat -- Datum : 11/08/2014 08:24:13
¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path] GameRanger.exe -- C:\Users\Radek\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] samp.exe -- C:\Users\Radek\Desktop\GTA-San-Andreas\GTA San Andreas\samp.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path] HWMonitor.exe -- C:\Users\Radek\Desktop\Czechboy - pc help\HWMonitor.exe[7] -> Zastaveno [TermProc]
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Smazáno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt -> Smazáno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub -> Smazáno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VerifierExt -> Smazáno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> Smazáno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3534537208-2187551088-1508768168-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] newSI_504.job -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Smazáno
[Suspicious.Path] \\newSI_504 -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 171 (Driver: Nahrán) ¤¤¤
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-com-l1-1-0.dll - CoInitializeEx : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a242
[IAT:Addr] (explorer.exe @ InputSwitch.dll) netutils.dll - NetApiBufferFree : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e797618
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-security-lsalookup-l2-1-0.dll - LookupAccountSidW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e797648
[IAT:Addr] (explorer.exe @ InputSwitch.dll) samcli.dll - NetUserGetInfo : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e797660
[IAT:Addr] (explorer.exe @ InputSwitch.dll) logoncli.dll - DsGetDcNameW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a2cb
[IAT:Addr] (explorer.exe @ InputSwitch.dll) USERENV.dll - CreateAppContainerProfile : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a3af
[IAT:Addr] (explorer.exe @ InputSwitch.dll) ole32.dll - CreateBindCtx : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a41d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) ole32.dll - CoAllowSetForegroundWindow : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a5389
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-l1-1-0.dll - RoActivateInstance : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a432
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-l1-1-0.dll - RoUninitialize : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a451
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-l1-1-0.dll - RoInitialize : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a44a
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-l1-1-0.dll - RoGetActivationFactory : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a458
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsDuplicateString : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a487
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsDeleteString : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a491
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCompareStringOrdinal : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a49b
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCreateString : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a47d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCreateStringReference : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a473
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsGetStringRawBuffer : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7947c5
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsIsStringEmpty : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a45f
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsStringHasEmbeddedNull : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a469
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - RoTransformError : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4c4
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - RoOriginateErrorW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4bd
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - GetRestrictedErrorInfo : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4d2
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - SetRestrictedErrorInfo : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4cb
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - RoOriginateError : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4a5
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Read : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79424b
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - SHCreateMemStream : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e794255
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Copy : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a574
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Size : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a55f
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Reset : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e794c2c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - SHOpenRegStream2W : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a555
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - SHCreateStreamOnFileEx : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a540
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Write : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e794c22
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_QueryService : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4d9
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_Set : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4f1
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_SetSite : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a50c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHCreateThreadRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4f8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHGetThreadRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e796c6c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHSetThreadRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a502
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHCreateThread : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a513
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-registry-l1-1-0.dll - SHDeleteKeyW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a594
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-registry-l1-1-0.dll - SHRegGetValueW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a528
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-registry-l1-1-0.dll - SHDeleteValueW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a59b
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHParseDisplayName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a76c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetPropertyStoreForWindow : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a645
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetIDListFromObject : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a663
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateItemFromIDList : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a66d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateItemInKnownFolder : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a682
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateItemFromParsingName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a68c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetNameFromIDList : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6ab
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetKnownFolderPath : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6c9
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHChangeNotify : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6f3
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6fd
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateDirectoryExW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a707
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHSetLocalizedName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a711
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetFolderPathEx : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a2419
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateRectRgn : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79ac37
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - GetStockObject : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a796
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CombineRgn : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79ac2d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateSolidBrush : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7a0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateCompatibleDC : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7aa
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - SelectObject : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7b4
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - DeleteDC : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7be
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - GetObjectW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7c8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - StretchBlt : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7d2
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - GetDIBits : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7dc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - BitBlt : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7e6
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateDIBSection : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a1d86
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - SetStretchBltMode : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7f0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - SetDIBitsToDevice : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7fa
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - StretchDIBits : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a804
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFCORE.dll - MFCreateTopologyNode : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a80e
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFCORE.dll - MFCreateMediaSession : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a826
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateMediaType : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a861
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFStartup : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a82d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFShutdown : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a845
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateMFByteStreamOnStream : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a84c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateSourceResolver : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a853
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateAttributes : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a85a
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFTranscode.dll - MFCreateTranscodeProfile : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a868
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFTranscode.dll - MFCreateTranscodeTopologyFromByteStream : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a880
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaLookupId : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a3474
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaClientsAreListening : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a41fa
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaRaiseAutomationEvent : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e799f22
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaHostProviderFromHwnd : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e795170
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaRaiseStructureChangedEvent : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a887
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaReturnRawElementProvider : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79517a
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PSCreateMemoryPropertyStore : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8c5
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - InitVariantFromInt32Array : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a891
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PropVariantToStringAlloc : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8b0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PropVariantToUInt32 : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8b7
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PSPropertyBag_WriteDWORD : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8be
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UxTheme.dll - IsCompositionActive : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79fe9f
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UxTheme.dll - GetCurrentThemeName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8cc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetGadgetStyle : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80acde
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetHardwareDeviceUsage : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79f3fc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetGadgetFlags : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79bcb8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetGadgetBufferInfo : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80ace8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetTransitionVisualProperties : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79f411
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetWindowResizeFlag : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79e0fc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - InvalidateGadget : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8d6
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - InvalidateLayeredDescendants : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8e0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - DeleteHandle : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8fe
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - DUserPostEvent : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8f4
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - InitGadgets : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8ea
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - AddLayeredRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79bcae
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmUnregisterThumbnail : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a93a
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmUpdateThumbnailProperties : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a94e
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmGetWindowAttribute : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a930
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmFlush : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a926
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmTransitionOwnedWindow : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a912
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmRegisterThumbnail : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a944
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmSetWindowAttribute : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a908
[IAT:Addr] (explorer.exe @ InputSwitch.dll) NTDSAPI.dll - DsBindW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80ac44
[IAT:Addr] (explorer.exe @ InputSwitch.dll) Bcp47Langs.dll - GetApplicationLayoutDirection : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79c7a7
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanDisconnect : C:\Windows\System32\pnidui.dll @ 0x673b2eb4
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanCloseHandle : C:\Windows\System32\pnidui.dll @ 0x673b2ebe
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanQueryInterface : C:\Windows\System32\pnidui.dll @ 0x673b2ec8
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanFreeMemory : C:\Windows\System32\pnidui.dll @ 0x673b2ed2
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanOpenHandle : C:\Windows\System32\pnidui.dll @ 0x673b2eaa
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) WININET.dll - InternetCrackUrlW : C:\Windows\System32\pnidui.dll @ 0x673b2f1a
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiEnumDeviceInfo : C:\Windows\System32\pnidui.dll @ 0x673b2f51
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiOpenDeviceInterfaceW : C:\Windows\System32\pnidui.dll @ 0x673b2f4a
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiDestroyDeviceInfoList : C:\Windows\System32\pnidui.dll @ 0x673b2f5f
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiOpenDevRegKey : C:\Windows\System32\pnidui.dll @ 0x673b2f58
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiCreateDeviceInfoList : C:\Windows\System32\pnidui.dll @ 0x673b2f32
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptCreateHash : C:\Windows\System32\pnidui.dll @ 0x673b2faa
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptGetProperty : C:\Windows\System32\pnidui.dll @ 0x673b2fb1
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptFinishHash : C:\Windows\System32\pnidui.dll @ 0x673b2f9c
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptDestroyHash : C:\Windows\System32\pnidui.dll @ 0x673b2f8e
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptOpenAlgorithmProvider : C:\Windows\System32\pnidui.dll @ 0x673b2f76
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptCloseAlgorithmProvider : C:\Windows\System32\pnidui.dll @ 0x673b2fa3
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptHashData : C:\Windows\System32\pnidui.dll @ 0x673b2f95
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) CRYPT32.dll - CryptProtectData : C:\Windows\System32\pnidui.dll @ 0x673b2fd0
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) CRYPT32.dll - CryptUnprotectData : C:\Windows\System32\pnidui.dll @ 0x673b2fb8
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) api-ms-win-shcore-obsolete-l1-1-0.dll - SHStrDupW : C:\Windows\System32\pnidui.dll @ 0x673b2fe2
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_QueryService : C:\Windows\System32\pnidui.dll @ 0x673b3012
[IAT:Addr] (explorer.exe @ wer.dll) ADVAPI32.dll - GetUserNameW : C:\Windows\System32\hgcpl.dll @ 0x677f0049
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - StrToID : C:\Windows\System32\hgcpl.dll @ 0x677f1e7f
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - InitProcessPriv : C:\Windows\System32\hgcpl.dll @ 0x677f2529
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - UnInitProcessPriv : C:\Windows\System32\hgcpl.dll @ 0x677f253e
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - InitThread : C:\Windows\System32\hgcpl.dll @ 0x677f2553
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - UnInitThread : C:\Windows\System32\hgcpl.dll @ 0x677f2568
[IAT:Addr] (explorer.exe @ wer.dll) WindowsCodecs.dll - WICCreateImagingFactory_Proxy : C:\Windows\System32\hgcpl.dll @ 0x677f2624
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] nahd6ha2.default : user_pref("browser.startup.homepage", "http://www.yandex.ru/?win=135&clid=1989595"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
--- User ---
[MBR] 5f1aa31adacdb11782dba491e9b257e7
[BSP] ec6a8d6f773b4c9ee06ddc615d818d5c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 488376000 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: UFD 2.0 Silicon-Power16G USB Device +++++
--- User ---
[MBR] 0c6804d4dcffb9d6eac7af922637c4f0
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 112 | Size: 15334 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Požadavek není podporován. )
============================================
RKreport_SCN_11022014_125132.log - RKreport_SCN_11082014_081613.log
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8 (6.2.9200 ) 32 bits version
Spuštěno : Normální režim
Uživatel : Radek [Práva správce]
Mód : Smazat -- Datum : 11/08/2014 08:24:13
¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path] GameRanger.exe -- C:\Users\Radek\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] samp.exe -- C:\Users\Radek\Desktop\GTA-San-Andreas\GTA San Andreas\samp.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path] HWMonitor.exe -- C:\Users\Radek\Desktop\Czechboy - pc help\HWMonitor.exe[7] -> Zastaveno [TermProc]
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Smazáno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt -> Smazáno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub -> Smazáno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VerifierExt -> Smazáno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> Smazáno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3534537208-2187551088-1508768168-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] newSI_504.job -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Smazáno
[Suspicious.Path] \\newSI_504 -- C:\Users\Radek\AppData\Roaming\newSI_504\s_inst.exe (--continue) -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 171 (Driver: Nahrán) ¤¤¤
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsGetStringRawBuffer : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7947c5
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsIsStringEmpty : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a45f
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsStringHasEmbeddedNull : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a469
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - RoTransformError : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4c4
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - RoOriginateErrorW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4bd
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - GetRestrictedErrorInfo : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4d2
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - SetRestrictedErrorInfo : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4cb
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-core-winrt-error-l1-1-0.dll - RoOriginateError : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4a5
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Read : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79424b
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - SHCreateMemStream : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e794255
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Copy : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a574
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Size : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a55f
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Reset : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e794c2c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - SHOpenRegStream2W : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a555
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - SHCreateStreamOnFileEx : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a540
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-stream-l1-1-0.dll - IStream_Write : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e794c22
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_QueryService : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4d9
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_Set : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4f1
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_SetSite : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a50c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHCreateThreadRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a4f8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHGetThreadRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e796c6c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHSetThreadRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a502
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-thread-l1-1-0.dll - SHCreateThread : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a513
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-registry-l1-1-0.dll - SHDeleteKeyW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a594
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-registry-l1-1-0.dll - SHRegGetValueW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a528
[IAT:Addr] (explorer.exe @ InputSwitch.dll) api-ms-win-shcore-registry-l1-1-0.dll - SHDeleteValueW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a59b
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHParseDisplayName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a76c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetPropertyStoreForWindow : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a645
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetIDListFromObject : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a663
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateItemFromIDList : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a66d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateItemInKnownFolder : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a682
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateItemFromParsingName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a68c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetNameFromIDList : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6ab
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetKnownFolderPath : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6c9
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHChangeNotify : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6f3
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a6fd
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHCreateDirectoryExW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a707
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHSetLocalizedName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a711
[IAT:Addr] (explorer.exe @ InputSwitch.dll) SHELL32.dll - SHGetFolderPathEx : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a2419
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateRectRgn : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79ac37
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - GetStockObject : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a796
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CombineRgn : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79ac2d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateSolidBrush : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7a0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateCompatibleDC : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7aa
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - SelectObject : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7b4
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - DeleteDC : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7be
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - GetObjectW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7c8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - StretchBlt : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7d2
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - GetDIBits : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7dc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - BitBlt : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7e6
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - CreateDIBSection : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a1d86
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - SetStretchBltMode : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7f0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - SetDIBitsToDevice : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a7fa
[IAT:Addr] (explorer.exe @ InputSwitch.dll) GDI32.dll - StretchDIBits : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a804
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFCORE.dll - MFCreateTopologyNode : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a80e
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFCORE.dll - MFCreateMediaSession : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a826
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateMediaType : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a861
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFStartup : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a82d
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFShutdown : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a845
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateMFByteStreamOnStream : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a84c
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateSourceResolver : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a853
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFPlat.DLL - MFCreateAttributes : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a85a
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFTranscode.dll - MFCreateTranscodeProfile : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a868
[IAT:Addr] (explorer.exe @ InputSwitch.dll) MFTranscode.dll - MFCreateTranscodeTopologyFromByteStream : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a880
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaLookupId : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a3474
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaClientsAreListening : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e7a41fa
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaRaiseAutomationEvent : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e799f22
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaHostProviderFromHwnd : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e795170
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaRaiseStructureChangedEvent : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a887
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UIAutomationCore.DLL - UiaReturnRawElementProvider : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79517a
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PSCreateMemoryPropertyStore : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8c5
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - InitVariantFromInt32Array : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a891
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PropVariantToStringAlloc : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8b0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PropVariantToUInt32 : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8b7
[IAT:Addr] (explorer.exe @ InputSwitch.dll) PROPSYS.dll - PSPropertyBag_WriteDWORD : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8be
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UxTheme.dll - IsCompositionActive : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79fe9f
[IAT:Addr] (explorer.exe @ InputSwitch.dll) UxTheme.dll - GetCurrentThemeName : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8cc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetGadgetStyle : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80acde
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetHardwareDeviceUsage : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79f3fc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetGadgetFlags : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79bcb8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetGadgetBufferInfo : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80ace8
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetTransitionVisualProperties : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79f411
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - SetWindowResizeFlag : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79e0fc
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - InvalidateGadget : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8d6
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - InvalidateLayeredDescendants : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8e0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - DeleteHandle : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8fe
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - DUserPostEvent : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8f4
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - InitGadgets : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a8ea
[IAT:Addr] (explorer.exe @ InputSwitch.dll) DUser.dll - AddLayeredRef : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79bcae
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmUnregisterThumbnail : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a93a
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmUpdateThumbnailProperties : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a94e
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmGetWindowAttribute : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a930
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmFlush : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a926
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmTransitionOwnedWindow : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a912
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmRegisterThumbnail : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a944
[IAT:Addr] (explorer.exe @ InputSwitch.dll) dwmapi.dll - DwmSetWindowAttribute : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80a908
[IAT:Addr] (explorer.exe @ InputSwitch.dll) NTDSAPI.dll - DsBindW : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e80ac44
[IAT:Addr] (explorer.exe @ InputSwitch.dll) Bcp47Langs.dll - GetApplicationLayoutDirection : C:\Windows\System32\Windows.UI.Immersive.dll @ 0x6e79c7a7
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanDisconnect : C:\Windows\System32\pnidui.dll @ 0x673b2eb4
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanCloseHandle : C:\Windows\System32\pnidui.dll @ 0x673b2ebe
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanQueryInterface : C:\Windows\System32\pnidui.dll @ 0x673b2ec8
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanFreeMemory : C:\Windows\System32\pnidui.dll @ 0x673b2ed2
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) wlanapi.dll - WlanOpenHandle : C:\Windows\System32\pnidui.dll @ 0x673b2eaa
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) WININET.dll - InternetCrackUrlW : C:\Windows\System32\pnidui.dll @ 0x673b2f1a
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiEnumDeviceInfo : C:\Windows\System32\pnidui.dll @ 0x673b2f51
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiOpenDeviceInterfaceW : C:\Windows\System32\pnidui.dll @ 0x673b2f4a
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiDestroyDeviceInfoList : C:\Windows\System32\pnidui.dll @ 0x673b2f5f
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiOpenDevRegKey : C:\Windows\System32\pnidui.dll @ 0x673b2f58
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) SETUPAPI.dll - SetupDiCreateDeviceInfoList : C:\Windows\System32\pnidui.dll @ 0x673b2f32
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptCreateHash : C:\Windows\System32\pnidui.dll @ 0x673b2faa
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptGetProperty : C:\Windows\System32\pnidui.dll @ 0x673b2fb1
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptFinishHash : C:\Windows\System32\pnidui.dll @ 0x673b2f9c
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptDestroyHash : C:\Windows\System32\pnidui.dll @ 0x673b2f8e
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptOpenAlgorithmProvider : C:\Windows\System32\pnidui.dll @ 0x673b2f76
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptCloseAlgorithmProvider : C:\Windows\System32\pnidui.dll @ 0x673b2fa3
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) bcrypt.dll - BCryptHashData : C:\Windows\System32\pnidui.dll @ 0x673b2f95
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) CRYPT32.dll - CryptProtectData : C:\Windows\System32\pnidui.dll @ 0x673b2fd0
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) CRYPT32.dll - CryptUnprotectData : C:\Windows\System32\pnidui.dll @ 0x673b2fb8
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) api-ms-win-shcore-obsolete-l1-1-0.dll - SHStrDupW : C:\Windows\System32\pnidui.dll @ 0x673b2fe2
[IAT:Addr] (explorer.exe @ Windows.Networking.Sockets.PushEnabledApplication.dll) api-ms-win-shcore-comhelpers-l1-1-0.dll - IUnknown_QueryService : C:\Windows\System32\pnidui.dll @ 0x673b3012
[IAT:Addr] (explorer.exe @ wer.dll) ADVAPI32.dll - GetUserNameW : C:\Windows\System32\hgcpl.dll @ 0x677f0049
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - StrToID : C:\Windows\System32\hgcpl.dll @ 0x677f1e7f
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - InitProcessPriv : C:\Windows\System32\hgcpl.dll @ 0x677f2529
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - UnInitProcessPriv : C:\Windows\System32\hgcpl.dll @ 0x677f253e
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - InitThread : C:\Windows\System32\hgcpl.dll @ 0x677f2553
[IAT:Addr] (explorer.exe @ wer.dll) DUI70.dll - UnInitThread : C:\Windows\System32\hgcpl.dll @ 0x677f2568
[IAT:Addr] (explorer.exe @ wer.dll) WindowsCodecs.dll - WICCreateImagingFactory_Proxy : C:\Windows\System32\hgcpl.dll @ 0x677f2624
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] nahd6ha2.default : user_pref("browser.startup.homepage", "http://www.yandex.ru/?win=135&clid=1989595"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
--- User ---
[MBR] 5f1aa31adacdb11782dba491e9b257e7
[BSP] ec6a8d6f773b4c9ee06ddc615d818d5c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 488376000 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: UFD 2.0 Silicon-Power16G USB Device +++++
--- User ---
[MBR] 0c6804d4dcffb9d6eac7af922637c4f0
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 112 | Size: 15334 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
============================================
RKreport_SCN_11022014_125132.log - RKreport_SCN_11082014_081613.log
jaro3 (Security team member)
Re: MBAM detection and lags
Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart you may see only a black desktop for a while; that is normal. Wait until the log has been created. You can save it to, for example, Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by clicking the Yes button.
- Then follow the instructions; while ComboFix is running, do not click in the window that appears.
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here.
If there are problems, run it in Safe Mode.
Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support