Rogue Killer LOG
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : HP [Práva správce]
Mód : Smazat -- Datum : 12/17/2014 08:24:56
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nevybráno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nevybráno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nevybráno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ATA TOSHIBA MK7559GS SCSI Disk Device +++++
--- User ---
[MBR] d17f12b6dbff0b6433f841e733ed3bc0
[BSP] e0ba46c533f1a94acc9ad102fd014d2d : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 692110 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1417850880 | Size: 22991 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_12172014_081656.log - RKreport_DEL_12172014_081700.log - RKreport_DEL_12172014_081707.log - RKreport_DEL_12172014_081711.log
RKreport_DEL_12172014_081714.log - RKreport_DEL_12172014_081721.log - RKreport_DEL_12172014_081725.log - RKreport_DEL_12172014_081727.log
RKreport_DEL_12172014_081733.log - RKreport_DEL_12172014_081808.log - RKreport_DEL_12172014_081810.log - RKreport_DEL_12172014_081811.log
RKreport_DEL_12172014_081813.log - RKreport_DEL_12172014_081816.log - RKreport_DEL_12172014_081817.log - RKreport_DEL_12172014_081818.log
RKreport_DEL_12172014_081819.log - RKreport_DEL_12172014_081821.log - RKreport_SCN_12162014_114200.log - RKreport_SCN_12172014_081550.log
RKreport_SCN_12172014_082438.log
Prosím o kontrolu logu Vyřešeno
Re: Prosím o kontrolu logu
Zoek LOG
Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by HP on st 17.12.2014 at 8:26:30,62.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HP\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17.12.2014 8:29:04 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Artec deleted successfully
C:\PROGRA~2\Dyyno deleted successfully
C:\PROGRA~2\J A Formoso deleted successfully
C:\PROGRA~2\MSTS Shape Viewer deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\URUSoft deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Common Files\EasyInfo deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\HP\AppData\Roaming\AVI ReComp deleted successfully
C:\Users\HP\AppData\Roaming\freemkvtomp4converter deleted successfully
C:\Users\HP\AppData\Roaming\TP deleted successfully
C:\Users\HP\AppData\Roaming\uTorrent deleted successfully
C:\Users\HP\AppData\Roaming\Windows Live Writer deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CD133B3-D120-4031-BE45-9C315518B7A0} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21F44C78-9BCF-423F-92BC-D88227820D} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26B212C-82DE-413D-BECF-A48FA871BF9} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38750ABD-7D77-4384-8D7C-69C44E8FA29E} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A177EEB-BA8C-42E7-8C31-9F837CC7B73} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48CBF2DC-EFC5-4B69-911B-77AE5FFBD1E1} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{573D7EF6-C66B-4E6C-93D4-A782970C1C1} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58A5BDDF-8289-44B5-AFC0-DE467F79F68} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65A6C60-335D-4962-BF79-7CF24CBC50EF} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B1DB349-391D-4829-B09D-A0739AA3508E} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5E8E83-AF5C-4602-B08C-F5FF41A9016} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A07872A6-16E0-46CA-90E-FF4E42E4479} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A485F63F-4578-4DEA-A84-AFB0B45C01F} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9E8C794-8CD9-44BB-9C7E-88EC8A219BA0} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3F4529A-AF59-414A-8ADD-9121509D19} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D398EC0F-E15B-4B06-B870-907137FE4DBB} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE1A3580-ACFB-4697-845B-4C2AC68FC72B} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1EEDFBE-876B-4F5A-866D-32DDF2876A7} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAFD7A39-42A7-4E68-A0DE-2516D5B8F3F5} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE9636A7-B585-45C4-AB2A-FAF46D504B35} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\Users\HP\AppData\LocalLow\{5810C45B-6D46-92BD-5BB7-5E98F12F7ECD} deleted
C:\Users\HP\AppData\Local\Packages\windows_ie_ac_001\AC\{5810C45B-6D46-92BD-5BB7-5E98F12F7ECD} deleted
C:\Program Files\Common Files\System\SysMenu.dll deleted
C:\Users\HP\AppData\Roaming\WinInstallFlashLog.ini deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3 deleted
C:\Users\HP\AppData\LocalLow\{067B3AFF-BC36-3A4F-DC2F-D8EB1725FD22} deleted
C:\Users\HP\AppData\LocalLow\{AD44A86E-E050-7FC3-115F-05F5873DB0F2} deleted
C:\Users\HP\AppData\LocalLow\{E63837C7-7614-BFE9-569D-7BDDA6D4BCE1} deleted
C:\Users\HP\AppData\LocalLow\ADSRemoval deleted
C:\windows\SysNative\tasks\UNELEVATE_32527 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
"C:\Program Files\Common Files\System\SysMenu64.dll" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"otis@digitalpersona.com"="C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt" [09.01.2014 12:23]
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HP\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HP\AppData\Local\Comodo\Dragon deleted
==== Chromium Look ======================
Angry Birds - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Seznam Lištička - Email - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam LištiÄŤka - SlovnĂk - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
AdBlock - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Seznam Lištička - Rychlá volba - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
==== Chromium Fix ======================
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.wonderfulsearches.info_0.localstorage deleted successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_luxor-amun-rising.en.softonic.com_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{093437F2-E260-4CA6-84EE-870F1098248A} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12"
{3874F428-FC53-4B35-AE4A-BEBB95B5DE44} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12"
{41EBB1F5-11D0-4EEE-AE8B-0F9526E6630A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{47D4311D-D3E0-4AB6-B2C4-66F975B7FDE7} Wikipedia Url="http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}"
{5BC67526-6924-4D5A-9CFE-8A2162E0783A} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12"
{B7797F8B-D335-4FD1-B14C-F2AB5AC6A4F5} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12"
{C2308914-9899-41B7-B772-E26CC71F6043} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12"
{D6E15A8A-5CD1-44E9-9181-6FB14BFECC7A} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12"
{EB89B249-53C6-4C3F-844C-913B6914F4FB} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12"
{FE1C9E37-8B42-48A1-8200-2152B6C77C4D} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12"
==== Reset Google Chrome ======================
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\c6034fcb-d79b-48c5-9ac3-b097ea9b7ae3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=46 folders=24 13122220 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\HP\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HP\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on st 17.12.2014 at 8:56:14,39 ======================
Díky :)
Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by HP on st 17.12.2014 at 8:26:30,62.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HP\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17.12.2014 8:29:04 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Artec deleted successfully
C:\PROGRA~2\Dyyno deleted successfully
C:\PROGRA~2\J A Formoso deleted successfully
C:\PROGRA~2\MSTS Shape Viewer deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\URUSoft deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Common Files\EasyInfo deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\HP\AppData\Roaming\AVI ReComp deleted successfully
C:\Users\HP\AppData\Roaming\freemkvtomp4converter deleted successfully
C:\Users\HP\AppData\Roaming\TP deleted successfully
C:\Users\HP\AppData\Roaming\uTorrent deleted successfully
C:\Users\HP\AppData\Roaming\Windows Live Writer deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CD133B3-D120-4031-BE45-9C315518B7A0} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21F44C78-9BCF-423F-92BC-D88227820D} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26B212C-82DE-413D-BECF-A48FA871BF9} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38750ABD-7D77-4384-8D7C-69C44E8FA29E} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A177EEB-BA8C-42E7-8C31-9F837CC7B73} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48CBF2DC-EFC5-4B69-911B-77AE5FFBD1E1} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{573D7EF6-C66B-4E6C-93D4-A782970C1C1} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58A5BDDF-8289-44B5-AFC0-DE467F79F68} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65A6C60-335D-4962-BF79-7CF24CBC50EF} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B1DB349-391D-4829-B09D-A0739AA3508E} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5E8E83-AF5C-4602-B08C-F5FF41A9016} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A07872A6-16E0-46CA-90E-FF4E42E4479} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A485F63F-4578-4DEA-A84-AFB0B45C01F} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9E8C794-8CD9-44BB-9C7E-88EC8A219BA0} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3F4529A-AF59-414A-8ADD-9121509D19} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D398EC0F-E15B-4B06-B870-907137FE4DBB} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE1A3580-ACFB-4697-845B-4C2AC68FC72B} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1EEDFBE-876B-4F5A-866D-32DDF2876A7} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAFD7A39-42A7-4E68-A0DE-2516D5B8F3F5} deleted successfully
HKEY_USERS\S-1-5-21-2374477524-2188761272-489237530-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE9636A7-B585-45C4-AB2A-FAF46D504B35} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\Users\HP\AppData\LocalLow\{5810C45B-6D46-92BD-5BB7-5E98F12F7ECD} deleted
C:\Users\HP\AppData\Local\Packages\windows_ie_ac_001\AC\{5810C45B-6D46-92BD-5BB7-5E98F12F7ECD} deleted
C:\Program Files\Common Files\System\SysMenu.dll deleted
C:\Users\HP\AppData\Roaming\WinInstallFlashLog.ini deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3 deleted
C:\Users\HP\AppData\LocalLow\{067B3AFF-BC36-3A4F-DC2F-D8EB1725FD22} deleted
C:\Users\HP\AppData\LocalLow\{AD44A86E-E050-7FC3-115F-05F5873DB0F2} deleted
C:\Users\HP\AppData\LocalLow\{E63837C7-7614-BFE9-569D-7BDDA6D4BCE1} deleted
C:\Users\HP\AppData\LocalLow\ADSRemoval deleted
C:\windows\SysNative\tasks\UNELEVATE_32527 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
"C:\Program Files\Common Files\System\SysMenu64.dll" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"otis@digitalpersona.com"="C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt" [09.01.2014 12:23]
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HP\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HP\AppData\Local\Comodo\Dragon deleted
==== Chromium Look ======================
Angry Birds - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Seznam Lištička - Email - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam LištiÄŤka - SlovnĂk - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
AdBlock - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Seznam Lištička - Rychlá volba - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
==== Chromium Fix ======================
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.wonderfulsearches.info_0.localstorage deleted successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_luxor-amun-rising.en.softonic.com_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{093437F2-E260-4CA6-84EE-870F1098248A} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12"
{3874F428-FC53-4B35-AE4A-BEBB95B5DE44} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12"
{41EBB1F5-11D0-4EEE-AE8B-0F9526E6630A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{47D4311D-D3E0-4AB6-B2C4-66F975B7FDE7} Wikipedia Url="http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}"
{5BC67526-6924-4D5A-9CFE-8A2162E0783A} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12"
{B7797F8B-D335-4FD1-B14C-F2AB5AC6A4F5} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12"
{C2308914-9899-41B7-B772-E26CC71F6043} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12"
{D6E15A8A-5CD1-44E9-9181-6FB14BFECC7A} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12"
{EB89B249-53C6-4C3F-844C-913B6914F4FB} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12"
{FE1C9E37-8B42-48A1-8200-2152B6C77C4D} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12"
==== Reset Google Chrome ======================
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\c6034fcb-d79b-48c5-9ac3-b097ea9b7ae3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=46 folders=24 13122220 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\HP\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HP\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on st 17.12.2014 at 8:56:14,39 ======================
Díky :)
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vlož nový log z HJT + info o problémech.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vlož nový log z HJT + info o problémech.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
RK LOG
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : HP [Práva správce]
Mód : Smazat -- Datum : 12/17/2014 18:31:16
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> Smazáno
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ATA TOSHIBA MK7559GS SCSI Disk Device +++++
--- User ---
[MBR] d17f12b6dbff0b6433f841e733ed3bc0
[BSP] e0ba46c533f1a94acc9ad102fd014d2d : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 692110 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1417850880 | Size: 22991 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_12172014_081656.log - RKreport_DEL_12172014_081700.log - RKreport_DEL_12172014_081707.log - RKreport_DEL_12172014_081711.log
RKreport_DEL_12172014_081714.log - RKreport_DEL_12172014_081721.log - RKreport_DEL_12172014_081725.log - RKreport_DEL_12172014_081727.log
RKreport_DEL_12172014_081733.log - RKreport_DEL_12172014_081808.log - RKreport_DEL_12172014_081810.log - RKreport_DEL_12172014_081811.log
RKreport_DEL_12172014_081813.log - RKreport_DEL_12172014_081816.log - RKreport_DEL_12172014_081817.log - RKreport_DEL_12172014_081818.log
RKreport_DEL_12172014_081819.log - RKreport_DEL_12172014_081821.log - RKreport_DEL_12172014_082456.log - RKreport_SCN_12162014_114200.log
RKreport_SCN_12172014_081550.log - RKreport_SCN_12172014_082438.log - RKreport_SCN_12172014_182927.log
HJT log pošlu za chvilku.
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : HP [Práva správce]
Mód : Smazat -- Datum : 12/17/2014 18:31:16
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1BE66320-334E-4830-82B2-B7EF84AA1A5F} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> Smazáno
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ATA TOSHIBA MK7559GS SCSI Disk Device +++++
--- User ---
[MBR] d17f12b6dbff0b6433f841e733ed3bc0
[BSP] e0ba46c533f1a94acc9ad102fd014d2d : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 692110 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1417850880 | Size: 22991 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_12172014_081656.log - RKreport_DEL_12172014_081700.log - RKreport_DEL_12172014_081707.log - RKreport_DEL_12172014_081711.log
RKreport_DEL_12172014_081714.log - RKreport_DEL_12172014_081721.log - RKreport_DEL_12172014_081725.log - RKreport_DEL_12172014_081727.log
RKreport_DEL_12172014_081733.log - RKreport_DEL_12172014_081808.log - RKreport_DEL_12172014_081810.log - RKreport_DEL_12172014_081811.log
RKreport_DEL_12172014_081813.log - RKreport_DEL_12172014_081816.log - RKreport_DEL_12172014_081817.log - RKreport_DEL_12172014_081818.log
RKreport_DEL_12172014_081819.log - RKreport_DEL_12172014_081821.log - RKreport_DEL_12172014_082456.log - RKreport_SCN_12162014_114200.log
RKreport_SCN_12172014_081550.log - RKreport_SCN_12172014_082438.log - RKreport_SCN_12172014_182927.log
HJT log pošlu za chvilku.
Re: Prosím o kontrolu logu
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:58, on 15.12.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Users\HP\AppData\Roaming\ICQM\icq.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... R2J62PF&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... R2J62PF&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Adblocker - {5810C45B-6D46-92BD-5BB7-5E98F12F7ECD} - C:\Program Files (x86)\Adblocker\N.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\HP\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [icq] C:\Users\HP\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [HP Deskjet 5520 series (NET)] "C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN43S7C4NX05SX:NW" -scfn "HP Deskjet 5520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418647171
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 5520 series (Síť).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\HP\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\HP\AppData\Roaming\ICQM\icq.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Anvi Slim Toolbar Guard Service (astsvr) - Anvisoft - C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolBarService.exe
O23 - Service: Bluetooth Device Manager - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Workflow Manager Spatial Notification Service - ESRI - C:\Program Files (x86)\WMX\Desktop10.2\Bin\WMXSpatialNotificationService.exe
--
End of file - 17964 bytes
No, s problémy to bude trochu horší :)
1. Nejvíce akutní problém mám s tím, že mi Windows hlásí že mám nelegální kopii viz.: http://nemesisup.cz/files/975/aktivace.png a http://nemesisup.cz/files/975/mses.png i když lde vlastností OS mám originální (žádná černá obrazovka, žádný text vpravo dole na ploše) viz. http://nemesisup.cz/files/975/os.png, tento problém nastal na den přesně rok poté co mi byl počítač navrácen ze servisu s novým HDD a nainstalovaným OS. Dle vyjádření servisu mi tam byl nainstalován legální OS, takže by problém mohl být zapříčiněn virem (malware atd.), nějakým SW. Doporučili mi tedy antivirovou kontrolu, případně vrátit NTB do továrního nastavení (nevím jak).
2. Již cca. 1 měsíc se mi po přihlášení k účtu dlouho zapíná účet (černá obrazovka) po chvilce naběhne a za nějaký čas se teprve spolu se skypem přehraje uvítací zvuk Windows.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:58, on 15.12.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Users\HP\AppData\Roaming\ICQM\icq.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... R2J62PF&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... R2J62PF&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Adblocker - {5810C45B-6D46-92BD-5BB7-5E98F12F7ECD} - C:\Program Files (x86)\Adblocker\N.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\HP\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [icq] C:\Users\HP\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [HP Deskjet 5520 series (NET)] "C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN43S7C4NX05SX:NW" -scfn "HP Deskjet 5520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418647171
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 5520 series (Síť).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\HP\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\HP\AppData\Roaming\ICQM\icq.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Anvi Slim Toolbar Guard Service (astsvr) - Anvisoft - C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolBarService.exe
O23 - Service: Bluetooth Device Manager - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Workflow Manager Spatial Notification Service - ESRI - C:\Program Files (x86)\WMX\Desktop10.2\Bin\WMXSpatialNotificationService.exe
--
End of file - 17964 bytes
No, s problémy to bude trochu horší :)
1. Nejvíce akutní problém mám s tím, že mi Windows hlásí že mám nelegální kopii viz.: http://nemesisup.cz/files/975/aktivace.png a http://nemesisup.cz/files/975/mses.png i když lde vlastností OS mám originální (žádná černá obrazovka, žádný text vpravo dole na ploše) viz. http://nemesisup.cz/files/975/os.png, tento problém nastal na den přesně rok poté co mi byl počítač navrácen ze servisu s novým HDD a nainstalovaným OS. Dle vyjádření servisu mi tam byl nainstalován legální OS, takže by problém mohl být zapříčiněn virem (malware atd.), nějakým SW. Doporučili mi tedy antivirovou kontrolu, případně vrátit NTB do továrního nastavení (nevím jak).
2. Již cca. 1 měsíc se mi po přihlášení k účtu dlouho zapíná účet (černá obrazovka) po chvilce naběhne a za nějaký čas se teprve spolu se skypem přehraje uvítací zvuk Windows.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Pravděpodobně bych navštívil ten servis , nejspíš Ti tam pravý windows nedali..
Viry ta "nelegalizace" nebude.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Viry ta "nelegalizace" nebude.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... R2J62PF&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... R2J62PF&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\HP\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O13 - Gopher Prefix:
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Tak bohužel, mnohé věci co jsi mi výše vypsal, nemohu fixnout, jelikož se v daném logu v HJT nenachází... Zítra jdu do toho servisu.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Tak jo , kdyby to potom ještě jevilo problémy , udělej Combofix.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Ahoj, tak jsem ještě před návštěvou servisu dal Windows do továrního nastavení a jede v pohodě, dokonce se už nehlásí jako nelegální :). Díky všem za čas
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu Vyřešeno
Ok, potom můžeš téma odfajkovat jako vyřešené.
Láska hřeje, ale uhlí je uhlí. 
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 81 hostů