Kontrola logu HJT a Malwarebytes Anti-Malware

[kurtkombajn]

Prosim o kontrolu kamaradova pocitace.
pri spusteni Chrome se mu otevrou panely search.ask.com a search.softonic.com
obcas mu spadne pocitac po BSOD. zkousel jsem bluescreen view ale nic to neukazalo.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:00:27, on 31.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Polar\WebSync\WebSync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10641A& ... =2-133&t=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Music Box Toolbar (Dist. by Musiclab, Inc.) - {104d74b8-67eb-4f25-8294-04eecfa292e4} - C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Music Box Toolbar (Dist. by Musiclab, Inc.) - {104d74b8-67eb-4f25-8294-04eecfa292e4} - C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll (file missing)
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: CineForm Status.lnk = C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
O4 - Global Startup: Polar WebSync.lnk = C:\Program Files (x86)\Polar\WebSync\WebSync.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9160C4CA-239E-456B-A6AB-5066D304F6C4}: NameServer =
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BingBar Service (BBSvc) - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe (file missing)
O23 - Service: BBUpdate - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Unknown owner - C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Polar Daemon - Unknown owner - C:\Program Files (x86)\Polar\Daemon\polard.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - c:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14376 bytes


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.08.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Ondra :: DELL [administrátor]

Ochrana: Povolena

31.8.2013 12:15:26
MBAM-log-2013-08-31 (13-04-58).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 410484
Uplynulý čas: 47 minut, 23 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 3
C:\Users\Ondra\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Ondra\AppData\Roaming\OpenCandy\A7A95CB09FB94A3EB57B0A4D8F53D939 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Ondra\AppData\Roaming\OpenCandy\OpenCandy_A7A95CB09FB94A3EB57B0A4D8F53D939 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 4
C:\Users\Ondra\Downloads\SuperMp3Download-4.9.0.8.Setup.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Users\Ondra\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Nebyla provedena žádná instrukce.
D:\Hry\Age of Empires 2\w7ddpatcher.exe (HackTool.Patch) -> Nebyla provedena žádná instrukce.
C:\Users\Ondra\AppData\Roaming\OpenCandy\A7A95CB09FB94A3EB57B0A4D8F53D939\PCSU_SL_3.1.2.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

[Reklama]

[memphisto]

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[kurtkombajn]

pri testu ADW vyskoci BSOD 2x po sobe

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

AdwCleaner použij v nouz. režimu.

Stáhni si Junkware Removal Tool

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[kurtkombajn]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Ondra :: DELL [administrátor]

Ochrana: Povolena

1.9.2013 17:11:33
mbam-log-2013-09-01 (17-11-33).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 411661
Uplynulý čas: 46 minut, 56 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 3
C:\Users\Ondra\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Ondra\AppData\Roaming\OpenCandy\A7A95CB09FB94A3EB57B0A4D8F53D939 (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Ondra\AppData\Roaming\OpenCandy\OpenCandy_A7A95CB09FB94A3EB57B0A4D8F53D939 (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.

Nalezené soubory: 4
C:\Users\Ondra\Downloads\SuperMp3Download-4.9.0.8.Setup.exe (PUP.Optional.Conduit.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Ondra\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Přesun do karantény a smazání se zdařilo.
D:\Hry\Age of Empires 2\w7ddpatcher.exe (HackTool.Patch) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Ondra\AppData\Roaming\OpenCandy\A7A95CB09FB94A3EB57B0A4D8F53D939\PCSU_SL_3.1.2.exe (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.

(konec)


RogueKiller V8.6.7 [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Ondra [Práva správce]
Mód : Kontrola -- Datum : 09/01/2013 20:37:40
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] Badoo.Desktop.exe -- C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] DellSystemDetect.exe -- C:\Users\Ondra\AppData\Local\Apps\2.0\V07CQ34R.M8M\LJAK6ZYK.OR7\dell..tion_0f612f649c4a10af_0005.0001_240bd831ade3aeac\DellSystemDetect.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Badoo Desktop (C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [-]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3375209559-534785693-731467756-1001\[...]\Run : Badoo Desktop (C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3375209559-534785693-731467756-1001\[...]\Run : DellSystemDetect (C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [-]) -> NALEZENO
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 activation.cloud.techsmith.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] d895156159f2f005d899487594b2b74c
[BSP] bc8bbc3e3660dfcd705e56f4e81277a8 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15514 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31854592 | Size: 350405 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 749484032 | Size: 349444 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST9750420AS +++++
--- User ---
[MBR] 43783ee03dded9d3e6b63bf019dec503
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15299 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_S_09012013_203740.txt >>






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Windows 7 Professional x64
Ran by Ondra on ne 01.09.2013 at 20:25:30,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3375209559-534785693-731467756-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{35122AD4-8FE6-45FC-9016-7A171A47C67D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DE7B1D83-2809-4B0C-9A88-F0304A70AEF8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F0426EC7-4FF2-4D10-A845-AD450946DE83}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ondra\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Ondra\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Ondra\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Ondra\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Ondra\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Ondra\appdata\local\{81A4D23C-9DEC-4D99-9036-8274B3B8F41F}
Successfully deleted: [Empty Folder] C:\Users\Ondra\appdata\local\{A5AD31BE-25B9-444C-BFF5-AFF18E09E056}
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 01.09.2013 at 20:30:02,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[memphisto]

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller


Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.

[kurtkombajn]

RogueKiller V8.6.7 [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Ondra [Práva správce]
Mód : Kontrola -- Datum : 09/02/2013 09:25:51
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Badoo Desktop (C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [-]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3375209559-534785693-731467756-1001\[...]\Run : Badoo Desktop (C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3375209559-534785693-731467756-1001\[...]\Run : DellSystemDetect (C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [-]) -> NALEZENO
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 activation.cloud.techsmith.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] d895156159f2f005d899487594b2b74c
[BSP] bc8bbc3e3660dfcd705e56f4e81277a8 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15514 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31854592 | Size: 350405 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 749484032 | Size: 349444 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_09022013_092551.txt >>
RKreport[0]_S_09012013_203740.txt



ComboFix 13-09-01.02 - Ondra 02.09.2013 9:37.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8050.5918 [GMT 2:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Dell\Dell Stage\plugins\{6dedbe25-1baa-49d5-a314-3524143af6f7}.umj
c:\programdata\Dell\DellJanus_Installer.log
c:\programdata\Dell\Digital Delivery\Logs\Service.Log
c:\users\Ondra\AppData\Roaming\Dell
c:\users\Ondra\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\chassis.txt
c:\users\Ondra\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\messagesFeed.xml
c:\users\Ondra\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\status.txt
c:\users\Ondra\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\tile_event.xml
c:\users\Ondra\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\tile_hover_images.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-02 do 2013-09-02 )))))))))))))))))))))))))))))))
.
.
2013-09-02 07:41 . 2013-09-02 07:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-02 07:41 . 2013-09-02 07:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-01 17:06 . 2013-09-01 17:06 -------- d-----w- c:\windows\ERUNT
2013-09-01 16:05 . 2013-09-01 16:05 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{148F656E-0FC0-4CA1-B288-B7C38B616E06}\offreg.dll
2013-09-01 09:17 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{148F656E-0FC0-4CA1-B288-B7C38B616E06}\mpengine.dll
2013-09-01 05:18 . 2013-09-01 05:18 -------- d-----w- C:\found.000
2013-08-31 10:13 . 2013-08-31 10:13 -------- d-----w- c:\users\Ondra\AppData\Roaming\Malwarebytes
2013-08-31 10:13 . 2013-08-31 10:13 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 10:12 . 2013-08-31 10:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 10:12 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-31 06:58 . 2013-08-31 06:48 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{116F9C3A-C6FB-4A4B-943D-D6BAD228459B}\gapaengine.dll
2013-08-31 06:49 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-30 20:50 . 2013-08-30 20:50 -------- d-----w- c:\program files (x86)\AMP WinOFF
2013-08-30 18:23 . 2013-08-30 18:23 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 18:23 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 18:23 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 18:23 . 2013-08-30 18:23 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 18:23 . 2013-08-30 18:23 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 18:23 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 18:23 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 18:23 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 18:22 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 17:11 . 2013-08-30 17:11 -------- d-----w- c:\users\Ondra\AppData\Roaming\Anvisoft
2013-08-30 17:11 . 2013-08-30 17:11 -------- d-----w- c:\programdata\Anvisoft
2013-08-30 17:11 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-08-30 17:11 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-08-30 17:11 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-08-30 17:11 . 2013-08-30 17:11 -------- d-----w- c:\program files (x86)\Anvisoft
2013-08-30 17:10 . 2013-08-30 17:10 -------- d-----w- c:\users\Ondra\AppData\Local\Programs
2013-08-30 13:53 . 2013-08-30 13:53 -------- d-----w- c:\program files (x86)\NirSoft
2013-08-14 04:46 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-07 12:01 . 2013-08-15 06:16 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 06:14 . 2012-10-31 17:11 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-18 16:33 . 2013-07-18 16:33 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-18 16:33 . 2012-10-26 10:35 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-18 16:33 . 2012-10-26 10:35 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-18 15:21 . 2012-11-29 07:19 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 04:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-22 01:05 . 2013-06-22 01:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-22 01:05 . 2013-06-22 01:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-22 01:05 . 2013-06-22 01:05 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-22 01:05 . 2013-06-22 01:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-22 01:05 . 2013-06-22 01:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-22 01:05 . 2013-06-22 01:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-22 01:05 . 2013-06-22 01:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-22 01:05 . 2013-06-22 01:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-22 01:05 . 2013-06-22 01:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-22 01:05 . 2013-06-22 01:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-22 01:05 . 2013-06-22 01:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-22 01:05 . 2013-06-22 01:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-22 01:05 . 2013-06-22 01:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-22 01:05 . 2013-06-22 01:05 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-22 01:05 . 2013-06-22 01:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-22 01:05 . 2013-06-22 01:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-22 01:05 . 2013-06-22 01:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-22 01:05 . 2013-06-22 01:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-22 01:05 . 2013-06-22 01:05 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-22 01:05 . 2013-06-22 01:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-22 01:05 . 2013-06-22 01:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-22 01:05 . 2013-06-22 01:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-22 01:05 . 2013-06-22 01:05 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-22 01:05 . 2013-06-22 01:05 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-22 01:05 . 2013-06-22 01:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-22 01:05 . 2013-06-22 01:05 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-22 01:05 . 2013-06-22 01:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-22 01:05 . 2013-06-22 01:05 441856 ----a-w- c:\windows\system32\html.iec
2013-06-22 01:05 . 2013-06-22 01:05 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-22 01:05 . 2013-06-22 01:05 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-22 01:05 . 2013-06-22 01:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-22 01:05 . 2013-06-22 01:05 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-22 01:05 . 2013-06-22 01:05 235008 ----a-w- c:\windows\system32\url.dll
2013-06-22 01:05 . 2013-06-22 01:05 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-22 01:05 . 2013-06-22 01:05 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-22 01:05 . 2013-06-22 01:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-22 01:05 . 2013-06-22 01:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-22 01:05 . 2013-06-22 01:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-22 01:05 . 2013-06-22 01:05 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-22 01:05 . 2013-06-22 01:05 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-22 01:05 . 2013-06-22 01:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-22 01:05 . 2013-06-22 01:05 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-22 01:05 . 2013-06-22 01:05 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-22 01:05 . 2013-06-22 01:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-22 01:05 . 2013-06-22 01:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-22 01:05 . 2013-06-22 01:05 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-22 01:05 . 2013-06-22 01:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-22 01:05 . 2013-06-22 01:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-22 01:05 . 2013-06-22 01:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-22 01:04 . 2013-06-22 01:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-22 01:04 . 2013-06-22 01:04 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-22 01:04 . 2013-06-22 01:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-22 01:04 . 2013-06-22 01:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-22 01:04 . 2013-06-22 01:04 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-22 01:04 . 2013-06-22 01:04 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-22 01:04 . 2013-06-22 01:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-22 01:04 . 2013-06-22 01:04 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-22 01:04 . 2013-06-22 01:04 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-22 01:04 . 2013-06-22 01:04 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-22 01:04 . 2013-06-22 01:04 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-22 01:04 . 2013-06-22 01:04 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-22 01:04 . 2013-06-22 01:04 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-06-22 01:04 . 2013-06-22 01:04 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 01:04 . 2013-06-22 01:04 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-06-22 01:04 . 2013-06-22 01:04 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-22 01:04 . 2013-06-22 01:04 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-22 01:04 . 2013-06-22 01:04 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-22 01:04 . 2013-06-22 01:04 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-22 01:04 . 2013-06-22 01:04 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-22 01:04 . 2013-06-22 01:04 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-22 01:04 . 2013-06-22 01:04 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-22 01:04 . 2013-06-22 01:04 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-22 01:04 . 2013-06-22 01:04 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-22 01:04 . 2013-06-22 01:04 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-22 01:04 . 2013-06-22 01:04 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-22 01:04 . 2013-06-22 01:04 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-22 01:04 . 2013-06-22 01:04 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe" [2012-12-24 1067232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-03-06 577024]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-3-6 1389856]
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
Polar WebSync.lnk - c:\program files (x86)\Polar\WebSync\WebSync.exe -normal [2013-2-26 6227512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys;c:\windows\SYSNATIVE\DRIVERS\MosIrUsb.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 stus2x64;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys;c:\windows\SYSNATIVE\DRIVERS\stusb2ir.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TDKLIB;TDKLIB;c:\users\Ondra\AppData\Local\Temp\TdkLib64.sys;c:\users\Ondra\AppData\Local\Temp\TdkLib64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe;c:\program files (x86)\Polar\Daemon\polard.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 22:58]
.
2013-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3375209559-534785693-731467756-1001Core.job
- c:\users\Ondra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-11 19:11]
.
2013-09-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3375209559-534785693-731467756-1001UA.job
- c:\users\Ondra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-11 19:11]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 21:07]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 21:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-04-09 626552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-05 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-05 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-05 439064]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-09-08 1628288]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-27 7520768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{104d74b8-67eb-4f25-8294-04eecfa292e4} - c:\progra~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
BHO-{1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
Toolbar-Locked - (no file)
Toolbar-{104d74b8-67eb-4f25-8294-04eecfa292e4} - c:\progra~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Polar Sync - (no file)
Wow6432Node-HKCU-Run-Facebook Update - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-BSPlayerp - c:\program files (x86)\Webteh\BSplayerPro\uninstall.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\setup.exe
AddRemove-{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1 - d:\hry\MyProg\unins000.exe
AddRemove-{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31} - c:\program files (x86)\InstallShield Installation Information\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-09-02 09:43:09
ComboFix-quarantined-files.txt 2013-09-02 07:43
.
Před spuštěním: Volných bajtů: 60 746 219 520
Po spuštění: Volných bajtů: 60 652 457 984
.
- - End Of File - - 39E9317734B06EA7625485F86A1447DC

[jaro3]

adwcleaner nejde ani v nouz. režimu?

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
zvol si jeden antivir a druhý odinstaluj ,pak nový Combofix.