Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:39:47, on 30.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Asc.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2790392
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0004352 - {11111111-1111-1111-1111-110011431152} - C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~3\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
O3 - Toolbar: (no name) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "c:\program files (x86)\skype\phone\skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files (x86)\GameTracker\GSInGameService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 12054 bytes
Prosím o kontrolu logu
-
SpellboundCaves
- nováček
- Příspěvky: 13
- Registrován: říjen 12
- Pohlaví:
- Stav:
Offline
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Odinstaluj BitTorrent Bar
v logu fixni:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2790392
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0004352 - {11111111-1111-1111-1111-110011431152} - C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
O3 - Toolbar: (no name) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
v logu fixni:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2790392
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0004352 - {11111111-1111-1111-1111-110011431152} - C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit1.dll
O3 - Toolbar: (no name) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
-
SpellboundCaves
- nováček
- Příspěvky: 13
- Registrován: říjen 12
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.11.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uživatel :: GAME-PC [administrátor]
Ochrana: Povolena
4.11.2012 14:23:16
mbam-log-2012-11-04 (14-27-22).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 258994
Uplynulý čas: 3 minut, 39 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4352 (PUP.CrossFire.SA) -> Data: CouponDropDown -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 2
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
Nalezené soubory: 13
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Žádná instrukce nebyla provedena.
C:\Users\Uživatel\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ini (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\ButtonUtil.dll (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown-bg.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ico (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDownInstaller.log (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\Uninstall.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
(konec)
www.malwarebytes.org
Verze databáze: v2012.11.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uživatel :: GAME-PC [administrátor]
Ochrana: Povolena
4.11.2012 14:23:16
mbam-log-2012-11-04 (14-27-22).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 258994
Uplynulý čas: 3 minut, 39 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4352 (PUP.CrossFire.SA) -> Data: CouponDropDown -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 2
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
Nalezené soubory: 13
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Žádná instrukce nebyla provedena.
C:\Users\Uživatel\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ini (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\ButtonUtil.dll (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown-bg.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ico (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDownInstaller.log (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\Uninstall.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
(konec)
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
- Takže spus znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Stáhni si TDSSKiller
Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Stáhni si TDSSKiller
Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
-
SpellboundCaves
- nováček
- Příspěvky: 13
- Registrován: říjen 12
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.11.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uživatel :: GAME-PC [administrátor]
Ochrana: Povolena
4.11.2012 15:02:22
mbam-log-2012-11-04 (15-03-23).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 258953
Uplynulý čas: 49 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4352 (PUP.CrossFire.SA) -> Data: CouponDropDown -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 2
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
Nalezené soubory: 13
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Žádná instrukce nebyla provedena.
C:\Users\Uživatel\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ini (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\ButtonUtil.dll (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown-bg.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ico (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDownInstaller.log (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\Uninstall.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
(konec)
www.malwarebytes.org
Verze databáze: v2012.11.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uživatel :: GAME-PC [administrátor]
Ochrana: Povolena
4.11.2012 15:02:22
mbam-log-2012-11-04 (15-03-23).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 258953
Uplynulý čas: 49 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4352 (PUP.CrossFire.SA) -> Data: CouponDropDown -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 2
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
Nalezené soubory: 13
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Žádná instrukce nebyla provedena.
C:\Users\Uživatel\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ini (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\ButtonUtil.dll (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown-bg.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDown.ico (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\CouponDropDownInstaller.log (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\CouponDropDown\Uninstall.exe (PUP.CrossRider.CDD) -> Žádná instrukce nebyla provedena.
(konec)
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Nic jsi nesmazal
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
-
SpellboundCaves
- nováček
- Příspěvky: 13
- Registrován: říjen 12
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Nic tam už nemám! Úplně čisté
-
SpellboundCaves
- nováček
- Příspěvky: 13
- Registrován: říjen 12
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
ComboFix 12-11-04.01 - Uživatel 04.11.2012 16:29:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.9213.6993 [GMT 1:00]
Spuštěný z: c:\users\U×ivatel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Uživatel\CFSetup291.exe
c:\windows\PFRO.log
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-04 do 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-04 15:34 . 2012-11-04 15:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-04 13:21 . 2012-11-04 13:21 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Malwarebytes
2012-11-04 13:21 . 2012-11-04 13:21 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 13:21 . 2012-11-04 13:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 13:21 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-03 20:06 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA09C3C6-34AC-4717-A183-00693FCE8474}\mpengine.dll
2012-11-02 19:22 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-30 18:39 . 2012-10-30 18:39 388096 ----a-r- c:\users\Uživatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\program files (x86)\Trend Micro
2012-10-30 16:43 . 2012-11-04 14:18 -------- d-----w- c:\program files (x86)\Steam
2012-10-28 09:47 . 2012-10-28 09:47 -------- d-----w- c:\program files (x86)\Dokan
2012-10-26 16:21 . 2012-10-26 16:21 -------- d-----w- c:\program files (x86)\Red Sky
2012-10-26 09:50 . 2012-10-26 09:51 -------- d-----w- c:\users\Uživatel\AppData\Local\ArmA 2
2012-10-26 09:20 . 2012-10-26 09:20 -------- d-----w- c:\users\Uživatel\AppData\Local\DayZCommander
2012-10-26 09:20 . 2012-10-26 09:20 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2012-10-26 07:12 . 2012-10-26 09:11 -------- d-----w- c:\program files (x86)\ArmA 2
2012-10-25 11:21 . 2012-10-25 11:21 -------- d-----w- c:\users\Uživatel\IPChanger_3_0_15
2012-10-24 19:53 . 2012-10-24 19:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-24 19:53 . 2012-10-24 19:53 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-24 19:53 . 2012-10-24 19:53 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-24 19:53 . 2012-10-24 19:53 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-24 19:53 . 2012-10-24 19:53 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-24 19:53 . 2012-10-24 19:53 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-24 19:53 . 2012-10-24 19:53 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-24 19:53 . 2012-10-24 19:53 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-24 19:53 . 2012-10-24 19:53 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-24 15:30 . 2012-10-24 15:30 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Apple Computer
2012-10-23 13:59 . 2012-10-23 14:00 -------- d-----w- c:\program files (x86)\Euro Truck Simulator 2
2012-10-23 13:30 . 2012-10-23 13:30 -------- d-----w- c:\users\Uživatel\AppData\Roaming\BitTorren
2012-10-20 05:45 . 2012-10-04 14:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C344C996-C3EE-4D4C-B0E6-F5D9CB083698}\gapaengine.dll
2012-10-16 19:29 . 2012-10-16 19:29 -------- d-----w- C:\d18e31c918b6d500819c
2012-10-10 16:30 . 2012-10-10 16:30 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-10-10 16:30 . 2012-10-10 16:30 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-10-10 15:45 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 15:45 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 15:45 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 15:45 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 14:19 . 2012-10-09 14:19 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-07 19:17 . 2012-10-07 19:17 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-10-07 10:20 . 2012-10-07 10:20 -------- d-----w- c:\programdata\CENZURA
2012-10-07 10:14 . 2012-10-07 10:14 -------- d-----w- c:\programdata\YTD Video Downloader
2012-10-07 10:14 . 2012-10-07 10:14 -------- d-----w- c:\program files (x86)\GreenTree Applications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 14:17 . 2012-04-09 05:55 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-11-04 14:17 . 2012-04-09 05:53 25640 ----a-w- c:\windows\gdrv.sys
2012-11-04 09:57 . 2012-04-09 05:56 25640 ----a-w- c:\windows\etdrv.sys
2012-10-30 18:39 . 2012-10-30 18:39 388096 ----a-r- c:\users\Uživatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-30 18:39 . 2012-10-30 18:39 388096 ----a-r- c:\users\Uživatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-28 13:22 . 2012-09-28 20:00 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-28 13:22 . 2012-03-23 16:45 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-24 19:53 . 2012-10-24 19:53 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-22 18:52 . 2012-09-28 20:00 183152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-17 19:08 . 2012-04-08 09:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-17 19:08 . 2012-01-07 09:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 17:09 . 2012-08-29 11:14 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-10 17:17 . 2012-01-07 13:12 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-04 14:45 . 2012-02-10 13:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 19:26 . 2012-07-21 18:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-11 19:00 . 2012-09-11 19:00 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:00 . 2012-09-11 19:00 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:00 . 2012-09-11 19:00 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:00 . 2012-09-11 19:00 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 19:00 . 2012-09-11 19:00 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:00 . 2012-09-11 19:00 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 19:00 . 2012-09-11 19:00 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 14:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 23:15 . 2012-08-29 23:15 3782214 ----a-w- C:\chatzum_nt.exe
2012-08-29 11:15 . 2012-08-29 11:15 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-29 11:15 . 2012-08-29 11:15 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-24 11:15 . 2012-09-22 08:38 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 08:38 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 08:39 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 08:39 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 08:38 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 08:39 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 08:39 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 08:38 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 08:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 08:38 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 08:38 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 08:38 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 08:39 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 08:39 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 08:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 08:39 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 08:38 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 08:39 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 08:39 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 08:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 08:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 08:39 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe
2012-08-21 21:01 . 2012-09-26 12:37 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 15:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-14 07:11 . 2012-08-14 07:11 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-14 07:11 . 2012-08-14 07:11 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-21 17:51 220608 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-21 17:51 220608 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-21 17:51 220608 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\skype\phone\skype.exe" [2012-07-13 17420464]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-23 1398680]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-30 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-11-28 217256]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\Správce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-26 8704]
R2 hshld;Hotspot Shield Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 EagleX64;EagleX64; [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-11-04 25640]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-24 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-24 57856]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [2012-03-19 1454896]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2012-03-05 2639976]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-07 279616]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-01-07 16384]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-10-10 41704]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-11-09 1677072]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [2011-12-02 4913608]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-11-04 30528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-11-25 38992]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-11 214240]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12288]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-08-29 214976]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AODDRIVER
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 19:08]
.
2012-11-04 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2012-01-08 17:51]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 19:07]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-21 17:51 244672 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-21 17:51 244672 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-21 17:51 244672 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\
FF - prefs.js: browser.search.selectedEngine - Search Safer
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - ExtSQL: 2012-09-05 15:29; crossriderapp4352@crossrider.com; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\crossriderapp4352@crossrider.com
FF - ExtSQL: 2012-09-21 17:35; {ADFA33FD-16F5-4355-8504-DF4D664CFE83}; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
FF - ExtSQL: 2012-10-07 15:32; 50714fda5119b@50714fda511ab.com; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\50714fda5119b@50714fda511ab.com
FF - ExtSQL: 2012-10-24 19:30; ascsurfingprotection@iobit.com; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2012-10-25 19:14; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Free Audio Mixer_is1 - c:\program files (x86)\SoftwarePile.com\Free Audio Mixer\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=hex:51,66,7a,6c,4c,1d,38,12,c4,f1,d4,
8c,0d,b7,42,06,f0,18,f4,98,5c,39,e1,33
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:27,6f,f8,6f,6f,5f,cd,01
.
[HKEY_USERS\S-1-5-21-3930708126-1560378701-884621134-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,d0,0e,5e,ef,f1,d4,e7,44,57,af,28,98,11,c5,32,d7,45,64,b5,73,
d9,6f,39,b3,8a,13,c2,b8,e9,c1,f5,03,88,15,5b,d1,37,c5,ff,60,31,22,ae,d2,ce,\
"rkeysecu"=hex:49,0f,fe,1c,f2,0c,5b,4c,d0,68,a3,9f,98,16,cf,ba
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f1,d3,dc,87,35,aa,dc,59,9d,f2,2a,68,c7,0f,da,94,37,7e,4d,3d,fb,
8e,be,09,9a,4f,8c,98,4a,ed,ac,64,9e,68,fd,d6,7d,d6,5f,5c,2b,f2,ab,76,8e,d9,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-11-04 16:40:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-04 15:40
.
Před spuštěním: Volných bajtů: 168 611 119 104
Po spuštění: Volných bajtů: 168 367 697 920
.
- - End Of File - - 978516A429CE922B12A71BBDB6ABA18C
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.9213.6993 [GMT 1:00]
Spuštěný z: c:\users\U×ivatel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Uživatel\CFSetup291.exe
c:\windows\PFRO.log
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-04 do 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-04 15:34 . 2012-11-04 15:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-04 13:21 . 2012-11-04 13:21 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Malwarebytes
2012-11-04 13:21 . 2012-11-04 13:21 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 13:21 . 2012-11-04 13:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 13:21 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-03 20:06 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA09C3C6-34AC-4717-A183-00693FCE8474}\mpengine.dll
2012-11-02 19:22 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-30 18:39 . 2012-10-30 18:39 388096 ----a-r- c:\users\Uživatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\program files (x86)\Trend Micro
2012-10-30 16:43 . 2012-11-04 14:18 -------- d-----w- c:\program files (x86)\Steam
2012-10-28 09:47 . 2012-10-28 09:47 -------- d-----w- c:\program files (x86)\Dokan
2012-10-26 16:21 . 2012-10-26 16:21 -------- d-----w- c:\program files (x86)\Red Sky
2012-10-26 09:50 . 2012-10-26 09:51 -------- d-----w- c:\users\Uživatel\AppData\Local\ArmA 2
2012-10-26 09:20 . 2012-10-26 09:20 -------- d-----w- c:\users\Uživatel\AppData\Local\DayZCommander
2012-10-26 09:20 . 2012-10-26 09:20 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2012-10-26 07:12 . 2012-10-26 09:11 -------- d-----w- c:\program files (x86)\ArmA 2
2012-10-25 11:21 . 2012-10-25 11:21 -------- d-----w- c:\users\Uživatel\IPChanger_3_0_15
2012-10-24 19:53 . 2012-10-24 19:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-24 19:53 . 2012-10-24 19:53 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-24 19:53 . 2012-10-24 19:53 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-24 19:53 . 2012-10-24 19:53 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-24 19:53 . 2012-10-24 19:53 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-24 19:53 . 2012-10-24 19:53 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-24 19:53 . 2012-10-24 19:53 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-24 19:53 . 2012-10-24 19:53 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-24 19:53 . 2012-10-24 19:53 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-24 15:30 . 2012-10-24 15:30 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Apple Computer
2012-10-23 13:59 . 2012-10-23 14:00 -------- d-----w- c:\program files (x86)\Euro Truck Simulator 2
2012-10-23 13:30 . 2012-10-23 13:30 -------- d-----w- c:\users\Uživatel\AppData\Roaming\BitTorren
2012-10-20 05:45 . 2012-10-04 14:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C344C996-C3EE-4D4C-B0E6-F5D9CB083698}\gapaengine.dll
2012-10-16 19:29 . 2012-10-16 19:29 -------- d-----w- C:\d18e31c918b6d500819c
2012-10-10 16:30 . 2012-10-10 16:30 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-10-10 16:30 . 2012-10-10 16:30 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-10-10 15:45 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 15:45 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 15:45 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 15:45 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 14:19 . 2012-10-09 14:19 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-07 19:17 . 2012-10-07 19:17 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-10-07 10:20 . 2012-10-07 10:20 -------- d-----w- c:\programdata\CENZURA
2012-10-07 10:14 . 2012-10-07 10:14 -------- d-----w- c:\programdata\YTD Video Downloader
2012-10-07 10:14 . 2012-10-07 10:14 -------- d-----w- c:\program files (x86)\GreenTree Applications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 14:17 . 2012-04-09 05:55 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-11-04 14:17 . 2012-04-09 05:53 25640 ----a-w- c:\windows\gdrv.sys
2012-11-04 09:57 . 2012-04-09 05:56 25640 ----a-w- c:\windows\etdrv.sys
2012-10-30 18:39 . 2012-10-30 18:39 388096 ----a-r- c:\users\Uživatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-30 18:39 . 2012-10-30 18:39 388096 ----a-r- c:\users\Uživatel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-28 13:22 . 2012-09-28 20:00 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-28 13:22 . 2012-03-23 16:45 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-24 19:53 . 2012-10-24 19:53 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-22 18:52 . 2012-09-28 20:00 183152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-17 19:08 . 2012-04-08 09:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-17 19:08 . 2012-01-07 09:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 17:09 . 2012-08-29 11:14 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-10 17:17 . 2012-01-07 13:12 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-04 14:45 . 2012-02-10 13:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 19:26 . 2012-07-21 18:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-11 19:00 . 2012-09-11 19:00 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:00 . 2012-09-11 19:00 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:00 . 2012-09-11 19:00 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:00 . 2012-09-11 19:00 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 19:00 . 2012-09-11 19:00 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:00 . 2012-09-11 19:00 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 19:00 . 2012-09-11 19:00 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 14:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 23:15 . 2012-08-29 23:15 3782214 ----a-w- C:\chatzum_nt.exe
2012-08-29 11:15 . 2012-08-29 11:15 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-29 11:15 . 2012-08-29 11:15 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-24 11:15 . 2012-09-22 08:38 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 08:38 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 08:39 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 08:39 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 08:38 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 08:39 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 08:39 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 08:38 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 08:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 08:38 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 08:38 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 08:38 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 08:39 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 08:39 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 08:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 08:39 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 08:38 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 08:39 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 08:39 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 08:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 08:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 08:39 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe
2012-08-21 21:01 . 2012-09-26 12:37 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 15:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-14 07:11 . 2012-08-14 07:11 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-14 07:11 . 2012-08-14 07:11 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-21 17:51 220608 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-21 17:51 220608 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-21 17:51 220608 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\skype\phone\skype.exe" [2012-07-13 17420464]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-23 1398680]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-30 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-11-28 217256]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\Správce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-26 8704]
R2 hshld;Hotspot Shield Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 EagleX64;EagleX64; [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-11-04 25640]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-24 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-24 57856]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [2012-03-19 1454896]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2012-03-05 2639976]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-07 279616]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-01-07 16384]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-10-10 41704]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-11-09 1677072]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [2011-12-02 4913608]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-11-04 30528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-11-25 38992]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-11 214240]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12288]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-08-29 214976]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AODDRIVER
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 19:08]
.
2012-11-04 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2012-01-08 17:51]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 19:07]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-21 17:51 244672 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-21 17:51 244672 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-21 17:51 244672 ----a-w- c:\users\Uživatel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\
FF - prefs.js: browser.search.selectedEngine - Search Safer
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - ExtSQL: 2012-09-05 15:29; crossriderapp4352@crossrider.com; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\crossriderapp4352@crossrider.com
FF - ExtSQL: 2012-09-21 17:35; {ADFA33FD-16F5-4355-8504-DF4D664CFE83}; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
FF - ExtSQL: 2012-10-07 15:32; 50714fda5119b@50714fda511ab.com; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\50714fda5119b@50714fda511ab.com
FF - ExtSQL: 2012-10-24 19:30; ascsurfingprotection@iobit.com; c:\users\UĂ…Âľivatel\AppData\Roaming\Mozilla\Firefox\Profiles\4h7ay9gh.default-1346319506238\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2012-10-25 19:14; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Free Audio Mixer_is1 - c:\program files (x86)\SoftwarePile.com\Free Audio Mixer\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=hex:51,66,7a,6c,4c,1d,38,12,c4,f1,d4,
8c,0d,b7,42,06,f0,18,f4,98,5c,39,e1,33
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:27,6f,f8,6f,6f,5f,cd,01
.
[HKEY_USERS\S-1-5-21-3930708126-1560378701-884621134-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,d0,0e,5e,ef,f1,d4,e7,44,57,af,28,98,11,c5,32,d7,45,64,b5,73,
d9,6f,39,b3,8a,13,c2,b8,e9,c1,f5,03,88,15,5b,d1,37,c5,ff,60,31,22,ae,d2,ce,\
"rkeysecu"=hex:49,0f,fe,1c,f2,0c,5b,4c,d0,68,a3,9f,98,16,cf,ba
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f1,d3,dc,87,35,aa,dc,59,9d,f2,2a,68,c7,0f,da,94,37,7e,4d,3d,fb,
8e,be,09,9a,4f,8c,98,4a,ed,ac,64,9e,68,fd,d6,7d,d6,5f,5c,2b,f2,ab,76,8e,d9,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-11-04 16:40:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-04 15:40
.
Před spuštěním: Volných bajtů: 168 611 119 104
Po spuštění: Volných bajtů: 168 367 697 920
.
- - End Of File - - 978516A429CE922B12A71BBDB6ABA18C
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
TDSS je kde?
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
-
SpellboundCaves
- nováček
- Příspěvky: 13
- Registrován: říjen 12
- Pohlaví:
- Stav:
Offline
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
memphisto píše:Stáhni si TDSSKiller
Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 117 hostů