Please check my log [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

mople71 (Level 3.5, 662 posts, registered November 14, male, offline)

Re: Please check my log

Post by mople71 » 03 May 2015 10:34

Use Windows Firewall, COMODO is not safe. ;)

Holecek (Level 2.5, 328 posts, registered June 07, gender not specified, offline)

Re: Please check my log

Post by Holecek » 03 May 2015 10:44

I believe you, but I need to block outgoing connections for some programs; without that I'd be done for.


Re: Please check my log

Post by mople71 » 03 May 2015 11:11

Windows Firewall can do that too... ;)

But if you do need COMODO, use a different fixlist:

Code:

Start
CloseProcesses:
CreateRestorePoint:

Task: {3E23B9AA-1BB8-4482-823A-0EBE1C225D12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {6BC4C977-72B9-4F32-A516-A16E84466D85} - System32\Tasks\{3BA3372F-87FE-45BA-89C2-FA4F2F672734} => pcalua.exe -a "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files\setup.exe" -d "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files"
FirewallRules: [{826BBE69-A0D7-4B0B-B483-3678F1D94B71}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe
FirewallRules: [{448F0124-F357-4B74-9A5E-80D654AB7F59}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe


HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)
Startup: C:\Users\Lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013-07-26] ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

C:\Windows\Tasks\*.job
C:\ProgramData\RogueKiller
C:\Windows\rundll16.exe
C:\Program Files\CCleaner
C:\ProgramData\DP45977C.lfl
C:\ProgramData\PKP_DLdu.DAT
C:\Windows\RUNDL132.EXE
C:\Windows\SysWOW64\runouce.exe
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe

Folder: C:\Windows\system32\NDF
CMD: bitsadmin /reset /allusers
CMD: dir %appdata%
CMD: dir %programdata%

RemoveProxy:
EmptyTemp:
End
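The per-program outbound blocking that the reply above attributes to Windows Firewall, shown as an added example that is not part of this thread or of the tools it mentions: a PowerShell session driving netsh advfirewall, which also works on Windows 7, the system in this thread. The rule name and program path are placeholders to be replaced.

```powershell
# Added example (not from this thread): block outbound connections for a single
# program with the built-in Windows Firewall, using netsh advfirewall so it also
# works on Windows 7, the system in this thread. Run from an elevated PowerShell.

# Placeholders: change to the rule name and executable you want to restrict.
$RuleName = 'Block outbound - ExampleApp'
$Program  = 'C:\Program Files\ExampleApp\ExampleApp.exe'

if (-not (Test-Path -LiteralPath $Program)) {
    throw "Program not found: $Program"
}

# 1. Firewall on for all profiles; keep the default outbound policy at "allow"
#    so that only explicitly listed programs are blocked (the behaviour asked
#    for in the thread: everything works except the chosen programs).
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. Per-program outbound block rule, active on all network profiles.
netsh advfirewall firewall add rule name="$RuleName" dir=out action=block program="$Program" enable=yes profile=any

# 3. Verify: the rule should be listed with Direction: Out and Action: Block.
netsh advfirewall firewall show rule name="$RuleName" verbose

# On Windows 8 / Server 2012 and later the same rule can be created with the
# NetSecurity cmdlet instead of netsh:
# New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block -Program $Program -Profile Any
#
# To remove the rule again:
# netsh advfirewall firewall delete rule name="$RuleName"
```

The default outbound policy is left at allow on purpose: switching it to block would cut off every program without its own allow rule, which is not what the thread asks for. Check the show rule output after adding the rule, since netsh prints "Ok." even when the program path is wrong; the Test-Path guard above catches that before the rule is created.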


Re: Please check my log

Post by Holecek » 03 May 2015 11:19

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by Lubos at 2015-05-03 11:17:00 Run:1
Running from C:\Users\Lubos\Desktop
Loaded Profiles: Lubos (Available profiles: Lubos)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Task: {3E23B9AA-1BB8-4482-823A-0EBE1C225D12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {6BC4C977-72B9-4F32-A516-A16E84466D85} - System32\Tasks\{3BA3372F-87FE-45BA-89C2-FA4F2F672734} => pcalua.exe -a "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files\setup.exe" -d "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files"
FirewallRules: [{826BBE69-A0D7-4B0B-B483-3678F1D94B71}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe
FirewallRules: [{448F0124-F357-4B74-9A5E-80D654AB7F59}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe


HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)
Startup: C:\Users\Lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013-07-26] ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

C:\Windows\Tasks\*.job
C:\ProgramData\RogueKiller
C:\Windows\rundll16.exe
C:\Program Files\CCleaner
C:\ProgramData\DP45977C.lfl
C:\ProgramData\PKP_DLdu.DAT
C:\Windows\RUNDL132.EXE
C:\Windows\SysWOW64\runouce.exe
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe

Folder: C:\Windows\system32\NDF
CMD: bitsadmin /reset /allusers
CMD: dir %appdata%
CMD: dir %programdata%

RemoveProxy:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E23B9AA-1BB8-4482-823A-0EBE1C225D12} => Key not found.
C:\Windows\System32\Tasks\CCleanerSkipUAC not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BC4C977-72B9-4F32-A516-A16E84466D85}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BC4C977-72B9-4F32-A516-A16E84466D85}" => Key deleted successfully.
Could not move "C:\Windows\System32\Tasks\{3BA3372F-87FE-45BA-89C2-FA4F2F672734}" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BA3372F-87FE-45BA-89C2-FA4F2F672734}" => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{826BBE69-A0D7-4B0B-B483-3678F1D94B71} => Value could not be deleted.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{448F0124-F357-4B74-9A5E-80D654AB7F59} => Value could not be deleted.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Internet Security => Value could not be deleted.
"C:\Windows\System32\guard64.dll" => Error removing Value Data.
"C:\Windows\SysWOW64\guard32.dll" => Error removing Value Data.
"C:\Users\Lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled" => Could not move.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => Value could not be deleted.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Value could not be deleted.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
"HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key could not be deleted. Access denied.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCR\PROTOCOLS\Handler\skypec2c => Key could not be deleted. Access denied.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => Key not found.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat" => Key deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => Moved successfully.
c2cautoupdatesvc => Service not found.
c2cpnrsvc => Service not found.
Could not move "C:\Windows\Tasks\*.job" => Scheduled to move on reboot.
"C:\ProgramData\RogueKiller" => File/Directory not found.

"C:\Windows\rundll16.exe" directory move:

Could not move "C:\Windows\rundll16.exe" directory. => Scheduled to move on reboot.

"C:\Program Files\CCleaner" => File/Directory not found.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.

"C:\Windows\RUNDL132.EXE" directory move:

Could not move "C:\Windows\RUNDL132.EXE" directory. => Scheduled to move on reboot.


"C:\Windows\SysWOW64\runouce.exe" directory move:

Could not move "C:\Windows\SysWOW64\runouce.exe" directory. => Scheduled to move on reboot.


"C:\Windows\logo1_.exe" directory move:

Could not move "C:\Windows\logo1_.exe" directory. => Scheduled to move on reboot.


"C:\Windows\logo_1.exe" directory move:

Could not move "C:\Windows\logo_1.exe" directory. => Scheduled to move on reboot.


========================= Folder: C:\Windows\system32\NDF ========================

2012-08-10 09:42 - 2015-05-01 23:14 - 0655360 _____ () C:\Windows\system32\NDF\eventlog.etl

====== End of Folder: ======


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= dir %appdata% =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 2A88-DFBC.

Výpis adresáře C:\Users\Lubos\AppData\Roaming

03.05.2015 10:10 <DIR> .
03.05.2015 10:10 <DIR> ..
18.03.2015 13:16 <DIR> Adobe
18.03.2015 13:35 132 Adobe Formát GIF CS6 - předvolby
25.01.2013 09:54 <DIR> AMPSoft
15.08.2012 20:03 <DIR> Apple Computer
22.04.2014 20:22 <DIR> Audacity
22.10.2012 18:42 <DIR> Corel
13.11.2012 19:01 <DIR> Enfocus Prefs Folder
06.08.2012 14:58 <DIR> EPSON
06.02.2013 13:43 132 Filtr IIIExport Adobe CS6 - předvolby
08.12.2012 17:52 <DIR> Flash Player
08.04.2013 22:07 <DIR> Geek Uninstaller
28.08.2012 09:30 <DIR> GetCanon
12.12.2012 12:22 <DIR> GHISLER
30.04.2015 08:08 <DIR> ICQ
15.05.2013 14:51 <DIR> ICQ-Profile
30.07.2012 10:07 <DIR> Identities
30.07.2012 10:18 <DIR> InstallShield
30.07.2012 13:29 <DIR> Intel
21.03.2013 08:51 <DIR> Lasersoft Imaging
07.08.2012 11:14 <DIR> Leadertech
07.08.2012 11:15 <DIR> Logitech
30.07.2012 16:12 <DIR> Macromedia
12.04.2011 10:45 <DIR> Media Center Programs
14.08.2012 08:14 <DIR> MichaelGraphics
03.05.2015 11:17 <DIR> Mozilla
19.03.2014 21:17 <DIR> MPC-HC
17.07.2013 20:31 <DIR> MPMAN
12.10.2012 12:57 <DIR> NexusFont
07.04.2015 12:45 <DIR> Nikon
03.07.2013 14:35 <DIR> Nokia
31.10.2014 15:12 <DIR> NVIDIA
04.01.2013 18:45 <DIR> Obsidium
26.07.2013 14:11 <DIR> OpenOffice
20.09.2013 15:42 <DIR> PC Suite
27.10.2012 15:53 7 859 pcouffin.cat
27.10.2012 15:53 1 167 pcouffin.inf
27.10.2012 15:53 34 pcouffin.log
27.10.2012 15:53 82 816 pcouffin.sys
06.08.2012 11:11 <DIR> Quark
26.02.2013 17:51 <DIR> Seznam.cz
06.08.2012 19:16 <DIR> StageManager.BD092818F67280F4B42B04877600987F0111B594.1
09.02.2014 18:43 <DIR> SUPERAntiSpyware.com
22.02.2014 19:26 <DIR> Thunderbird
28.04.2015 14:47 <DIR> uTorrent
22.10.2012 18:03 <DIR> VitySoft
18.11.2014 14:58 1 041 vso_ts_preview.xml
04.11.2013 18:22 <DIR> WinRAR
Souborů: 7, Bajtů: 93 181
Adresářů: 42, Volných bajtů: 59 612 823 552

========= End of CMD: =========


========= dir %programdata% =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 2A88-DFBC.

Výpis adresáře C:\ProgramData

03.05.2015 11:17 <DIR> .
03.05.2015 11:17 <DIR> ..
11.04.2013 10:57 <DIR> Adobe
17.09.2013 09:05 <DIR> Apple
17.09.2013 09:05 <DIR> Apple Computer
24.10.2012 16:39 <DIR> Bitstream
08.08.2012 10:07 <DIR> Comodo
23.10.2012 14:28 <DIR> Corel
06.08.2012 14:08 <DIR> CPA_VA
13.11.2012 19:01 <DIR> Enfocus
07.04.2015 12:43 <DIR> EnterNHelp
06.08.2012 14:58 <DIR> EPtemp
02.05.2015 08:52 <DIR> FLEXnet
10.09.2013 15:14 <DIR> Installations
30.07.2012 13:29 <DIR> Intel
28.10.2014 00:03 <DIR> Lexmark Universal v2 XL
29.10.2014 12:30 596 lmab.log
07.08.2012 11:14 <DIR> LogiShrd
07.08.2012 11:12 <DIR> Logitech
26.03.2014 21:07 <DIR> Malwarebytes
08.08.2012 09:03 <DIR> McAfee
23.10.2012 14:29 <DIR> Microsoft Help
12.12.2012 20:49 <DIR> MicroWorld
06.08.2012 10:39 <DIR> Mozilla
07.04.2015 12:43 <DIR> Nikon
03.05.2015 10:04 <DIR> NVIDIA
31.10.2014 14:05 <DIR> NVIDIA Corporation
27.01.2015 12:12 <DIR> Oracle
03.07.2013 15:06 <DIR> PC Suite
22.10.2012 18:42 <DIR> Protexis64
23.10.2014 12:57 <DIR> Quark
30.07.2012 10:19 <DIR> Ralink Driver
30.04.2013 19:30 <DIR> regid.1986-12.com.adobe
24.04.2015 12:49 <DIR> Skype
06.08.2012 20:20 <DIR> Sun
09.02.2014 18:43 <DIR> SUPERAntiSpyware.com
27.10.2014 23:21 <DIR> UD1
07.04.2015 12:43 <DIR> Ultima_T15
Souborů: 1, Bajtů: 596
Adresářů: 37, Volných bajtů: 59 612 823 552

========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Value could not be deleted.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Value could not be deleted.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Value could not be deleted.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 58.3 MB temporary data.


Re: Please check my log

Post by mople71 » 03 May 2015 11:26

Hm... :/

Please switch to Safe Mode (restart the PC and keep pressing F8 until the boot menu appears, then choose Safe Mode with Networking).

In it, apply this fixlist the same way as before:

Code:

Start
CloseProcesses:
CreateRestorePoint:

Task: {6BC4C977-72B9-4F32-A516-A16E84466D85} - System32\Tasks\{3BA3372F-87FE-45BA-89C2-FA4F2F672734} => pcalua.exe -a "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files\setup.exe" -d "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files"
FirewallRules: [{826BBE69-A0D7-4B0B-B483-3678F1D94B71}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe
FirewallRules: [{448F0124-F357-4B74-9A5E-80D654AB7F59}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe
Startup: C:\Users\Lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013-07-26] ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

C:\Windows\Tasks\*.job
C:\Windows\rundll16.exe
C:\Program Files\CCleaner
C:\ProgramData\DP45977C.lfl
C:\ProgramData\PKP_DLdu.DAT
C:\Windows\RUNDL132.EXE
C:\Windows\SysWOW64\runouce.exe
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe

CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: dir %appdata%
CMD: dir %programdata%

RemoveProxy:
EmptyTemp:
End


Re: Please check my log

Post by Holecek » 03 May 2015 11:30

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17728

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.492000 GHz
Memory total: 17144061952, free: 14804611072

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17728

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.492000 GHz
Memory total: 17144061952, free: 13880987648

Downloaded database version: v2015.05.03.02
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.04.22.01
=======================================
Initializing...
------------ Kernel report ------------
05/03/2015 11:25:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\mvs91xx.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\e1q62x64.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\intelsmb.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\LUsbFilt.Sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\netr28ux.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\btmusb.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\advapi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\nsi.dll
\Windows\System32\psapi.dll
\Windows\System32\ole32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.05.03.02
rootkit: v2015.04.21.01

<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800d03b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d0172c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d03b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cdee680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d017790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cf21a20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d017790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cdfd060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 779833D9

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 929499136

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 929501184 Numsec = 1024018432

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BEA3C1D9

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 234231808

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8010e16790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a1cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010e16790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010a15b60, DeviceName: \Device\0000009d\, DriverName: \Driver\USBSTOR\
------------ End ----------

Holecek

Re: Please check my log

Post by Holecek » 03 May 2015 11:40

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by Lubos at 2015-05-03 11:17:00 Run:1
Running from C:\Users\Lubos\Desktop
Loaded Profiles: Lubos (Available profiles: Lubos)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Task: {3E23B9AA-1BB8-4482-823A-0EBE1C225D12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {6BC4C977-72B9-4F32-A516-A16E84466D85} - System32\Tasks\{3BA3372F-87FE-45BA-89C2-FA4F2F672734} => pcalua.exe -a "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files\setup.exe" -d "C:\Users\Lubos\Desktop\OpenOffice 4.1.1 (cs) Installation Files"
FirewallRules: [{826BBE69-A0D7-4B0B-B483-3678F1D94B71}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe
FirewallRules: [{448F0124-F357-4B74-9A5E-80D654AB7F59}] => (Allow) E:\Ovladače\Lexmark\Update\InstallationPackage\InstallationPackage\Install\x64\InstallGui.exe


HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)
Startup: C:\Users\Lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013-07-26] ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3321302885-2073626712-2733848705-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

C:\Windows\Tasks\*.job
C:\ProgramData\RogueKiller
C:\Windows\rundll16.exe
C:\Program Files\CCleaner
C:\ProgramData\DP45977C.lfl
C:\ProgramData\PKP_DLdu.DAT
C:\Windows\RUNDL132.EXE
C:\Windows\SysWOW64\runouce.exe
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe

Folder: C:\Windows\system32\NDF
CMD: bitsadmin /reset /allusers
CMD: dir %appdata%
CMD: dir %programdata%

RemoveProxy:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E23B9AA-1BB8-4482-823A-0EBE1C225D12} => Key not found.
C:\Windows\System32\Tasks\CCleanerSkipUAC not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BC4C977-72B9-4F32-A516-A16E84466D85}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BC4C977-72B9-4F32-A516-A16E84466D85}" => Key deleted successfully.
Could not move "C:\Windows\System32\Tasks\{3BA3372F-87FE-45BA-89C2-FA4F2F672734}" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BA3372F-87FE-45BA-89C2-FA4F2F672734}" => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{826BBE69-A0D7-4B0B-B483-3678F1D94B71} => Value could not be deleted.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{448F0124-F357-4B74-9A5E-80D654AB7F59} => Value could not be deleted.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Internet Security => Value could not be deleted.
"C:\Windows\System32\guard64.dll" => Error removing Value Data.
"C:\Windows\SysWOW64\guard32.dll" => Error removing Value Data.
"C:\Users\Lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled" => Could not move.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => Value could not be deleted.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Value could not be deleted.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
"HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key could not be deleted. Access denied.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCR\PROTOCOLS\Handler\skypec2c => Key could not be deleted. Access denied.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => Key not found.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat" => Key deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => Moved successfully.
c2cautoupdatesvc => Service not found.
c2cpnrsvc => Service not found.
Could not move "C:\Windows\Tasks\*.job" => Scheduled to move on reboot.
"C:\ProgramData\RogueKiller" => File/Directory not found.

"C:\Windows\rundll16.exe" directory move:

Could not move "C:\Windows\rundll16.exe" directory. => Scheduled to move on reboot.

"C:\Program Files\CCleaner" => File/Directory not found.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.

"C:\Windows\RUNDL132.EXE" directory move:

Could not move "C:\Windows\RUNDL132.EXE" directory. => Scheduled to move on reboot.


"C:\Windows\SysWOW64\runouce.exe" directory move:

Could not move "C:\Windows\SysWOW64\runouce.exe" directory. => Scheduled to move on reboot.


"C:\Windows\logo1_.exe" directory move:

Could not move "C:\Windows\logo1_.exe" directory. => Scheduled to move on reboot.


"C:\Windows\logo_1.exe" directory move:

Could not move "C:\Windows\logo_1.exe" directory. => Scheduled to move on reboot.


========================= Folder: C:\Windows\system32\NDF ========================

2012-08-10 09:42 - 2015-05-01 23:14 - 0655360 _____ () C:\Windows\system32\NDF\eventlog.etl

====== End of Folder: ======


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= dir %appdata% =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 2A88-DFBC.

Výpis adresáře C:\Users\Lubos\AppData\Roaming

03.05.2015 10:10 <DIR> .
03.05.2015 10:10 <DIR> ..
18.03.2015 13:16 <DIR> Adobe
18.03.2015 13:35 132 Adobe Formát GIF CS6 - předvolby
25.01.2013 09:54 <DIR> AMPSoft
15.08.2012 20:03 <DIR> Apple Computer
22.04.2014 20:22 <DIR> Audacity
22.10.2012 18:42 <DIR> Corel
13.11.2012 19:01 <DIR> Enfocus Prefs Folder
06.08.2012 14:58 <DIR> EPSON
06.02.2013 13:43 132 Filtr IIIExport Adobe CS6 - předvolby
08.12.2012 17:52 <DIR> Flash Player
08.04.2013 22:07 <DIR> Geek Uninstaller
28.08.2012 09:30 <DIR> GetCanon
12.12.2012 12:22 <DIR> GHISLER
30.04.2015 08:08 <DIR> ICQ
15.05.2013 14:51 <DIR> ICQ-Profile
30.07.2012 10:07 <DIR> Identities
30.07.2012 10:18 <DIR> InstallShield
30.07.2012 13:29 <DIR> Intel
21.03.2013 08:51 <DIR> Lasersoft Imaging
07.08.2012 11:14 <DIR> Leadertech
07.08.2012 11:15 <DIR> Logitech
30.07.2012 16:12 <DIR> Macromedia
12.04.2011 10:45 <DIR> Media Center Programs
14.08.2012 08:14 <DIR> MichaelGraphics
03.05.2015 11:17 <DIR> Mozilla
19.03.2014 21:17 <DIR> MPC-HC
17.07.2013 20:31 <DIR> MPMAN
12.10.2012 12:57 <DIR> NexusFont
07.04.2015 12:45 <DIR> Nikon
03.07.2013 14:35 <DIR> Nokia
31.10.2014 15:12 <DIR> NVIDIA
04.01.2013 18:45 <DIR> Obsidium
26.07.2013 14:11 <DIR> OpenOffice
20.09.2013 15:42 <DIR> PC Suite
27.10.2012 15:53 7 859 pcouffin.cat
27.10.2012 15:53 1 167 pcouffin.inf
27.10.2012 15:53 34 pcouffin.log
27.10.2012 15:53 82 816 pcouffin.sys
06.08.2012 11:11 <DIR> Quark
26.02.2013 17:51 <DIR> Seznam.cz
06.08.2012 19:16 <DIR> StageManager.BD092818F67280F4B42B04877600987F0111B594.1
09.02.2014 18:43 <DIR> SUPERAntiSpyware.com
22.02.2014 19:26 <DIR> Thunderbird
28.04.2015 14:47 <DIR> uTorrent
22.10.2012 18:03 <DIR> VitySoft
18.11.2014 14:58 1 041 vso_ts_preview.xml
04.11.2013 18:22 <DIR> WinRAR
Souborů: 7, Bajtů: 93 181
Adresářů: 42, Volných bajtů: 59 612 823 552

========= End of CMD: =========


========= dir %programdata% =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 2A88-DFBC.

Výpis adresáře C:\ProgramData

03.05.2015 11:17 <DIR> .
03.05.2015 11:17 <DIR> ..
11.04.2013 10:57 <DIR> Adobe
17.09.2013 09:05 <DIR> Apple
17.09.2013 09:05 <DIR> Apple Computer
24.10.2012 16:39 <DIR> Bitstream
08.08.2012 10:07 <DIR> Comodo
23.10.2012 14:28 <DIR> Corel
06.08.2012 14:08 <DIR> CPA_VA
13.11.2012 19:01 <DIR> Enfocus
07.04.2015 12:43 <DIR> EnterNHelp
06.08.2012 14:58 <DIR> EPtemp
02.05.2015 08:52 <DIR> FLEXnet
10.09.2013 15:14 <DIR> Installations
30.07.2012 13:29 <DIR> Intel
28.10.2014 00:03 <DIR> Lexmark Universal v2 XL
29.10.2014 12:30 596 lmab.log
07.08.2012 11:14 <DIR> LogiShrd
07.08.2012 11:12 <DIR> Logitech
26.03.2014 21:07 <DIR> Malwarebytes
08.08.2012 09:03 <DIR> McAfee
23.10.2012 14:29 <DIR> Microsoft Help
12.12.2012 20:49 <DIR> MicroWorld
06.08.2012 10:39 <DIR> Mozilla
07.04.2015 12:43 <DIR> Nikon
03.05.2015 10:04 <DIR> NVIDIA
31.10.2014 14:05 <DIR> NVIDIA Corporation
27.01.2015 12:12 <DIR> Oracle
03.07.2013 15:06 <DIR> PC Suite
22.10.2012 18:42 <DIR> Protexis64
23.10.2014 12:57 <DIR> Quark
30.07.2012 10:19 <DIR> Ralink Driver
30.04.2013 19:30 <DIR> regid.1986-12.com.adobe
24.04.2015 12:49 <DIR> Skype
06.08.2012 20:20 <DIR> Sun
09.02.2014 18:43 <DIR> SUPERAntiSpyware.com
27.10.2014 23:21 <DIR> UD1
07.04.2015 12:43 <DIR> Ultima_T15
Souborů: 1, Bajtů: 596
Adresářů: 37, Volných bajtů: 59 612 823 552

========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Value could not be deleted.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Value could not be deleted.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Value could not be deleted.
HKU\S-1-5-21-3321302885-2073626712-2733848705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 58.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 2015-05-03 11:36:44)<=

==> ATTENTION: System is not rebooted.
C:\Windows\System32\Tasks\{3BA3372F-87FE-45BA-89C2-FA4F2F672734} => Moved successfully.
C:\Windows\Tasks\*.job => Moved successfully.
C:\Windows\rundll16.exe => Moved successfully.
C:\Windows\RUNDL132.EXE => Moved successfully.
C:\Windows\SysWOW64\runouce.exe => Moved successfully.
C:\Windows\logo1_.exe => Moved successfully.
C:\Windows\logo_1.exe => Moved successfully.

==== End of Fixlog 11:36:44 ====

Holecek

Re: Please check my log

Post by Holecek » 03 May 2015 11:50

I probably didn't overwrite the fixlog in safe mode and sent the old one again, sorry

mople71

Re: Please check my log

Post by mople71 » 03 May 2015 12:16

So we'll go at that junk another way... Please stay in Safe Mode!


Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your antivirus permanently! Don't open any windows while the scan runs!

Save it to the Desktop. Close all windows, run it as administrator, accept everything and let CF work.

After the scan finishes, a restart will follow (it may not) and the log will be here: C:\ComboFix.txt

Please paste its contents here.

Holecek

Re: Please check my log

Post by Holecek » 03 May 2015 12:44

my internet connection isn't working now, so I'm sending this from another PC.

ComboFix 15-04-28.01 - Lubos 03.05.2015 12:26:15.3.8 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16350.15088 [GMT 2:00]
Spuštěný z: c:\users\Lubos\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lubos\AppData\Local\Adobe\downloader.dll
c:\users\Lubos\AppData\Local\Adobe\gccheck.exe
c:\users\Lubos\AppData\Local\Adobe\gtbcheck.exe
c:\users\Lubos\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-03 do 2015-05-03 )))))))))))))))))))))))))))))))
.
.
2015-05-03 10:27 . 2015-05-03 10:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-05-03 10:27 . 2015-05-03 10:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-03 09:25 . 2015-05-03 09:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-03 09:22 . 2015-05-03 09:22 0 ----a-w- c:\users\Lubos\AppData\Local\jv16PT_temp.tmp
2015-05-03 08:15 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D5599C0-EFFD-4042-8E9C-204850B886C1}\mpengine.dll
2015-05-02 19:30 . 2015-05-03 09:36 -------- d-----w- C:\FRST
2015-05-01 22:45 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-01 21:23 . 2015-05-01 21:10 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-01 21:23 . 2015-05-03 10:27 -------- d-----w- c:\users\Lubos\AppData\Local\Temp
2015-05-01 21:18 . 2015-05-01 21:18 -------- d-----w- C:\AdwCleaner
2015-05-01 21:05 . 2015-05-01 21:24 -------- d-----w- C:\zoek_backup
2015-04-24 06:27 . 2015-04-24 06:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-15 06:12 . 2015-04-15 06:12 -------- d-----w- c:\windows\system32\appraiser
2015-04-15 06:01 . 2015-03-25 03:24 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-04-15 06:00 . 2015-03-17 03:45 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2015-04-07 10:45 . 2015-04-07 10:45 -------- d-----w- c:\users\Lubos\AppData\Roaming\Nikon
2015-04-07 10:43 . 2015-04-07 10:43 49152 ----a-r- c:\users\Lubos\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2015-04-07 10:43 . 2015-04-07 10:43 335872 ----a-r- c:\users\Lubos\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2015-04-07 10:43 . 2015-04-07 10:43 -------- d-----w- c:\program files (x86)\Common Files\muvee Technologies
2015-04-07 10:43 . 2015-04-07 10:43 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2015-04-07 10:43 . 2015-04-07 10:43 -------- d-----w- c:\programdata\Nikon
2015-04-07 10:43 . 2015-04-07 10:43 -------- d-----w- c:\program files (x86)\Nikon
2015-04-07 10:43 . 2015-04-07 10:43 -------- d-----w- c:\programdata\Ultima_T15
2015-04-07 10:43 . 2015-04-07 10:43 -------- d-----w- c:\programdata\EnterNHelp
2015-04-04 10:40 . 2015-04-04 10:40 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-04 10:40 . 2015-04-04 10:40 -------- d-s---w- c:\windows\system32\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-03 09:25 . 2014-03-26 19:07 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-03 09:24 . 2014-03-26 19:07 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-24 06:27 . 2014-03-28 16:12 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-04-24 06:27 . 2014-10-18 10:14 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-15 08:17 . 2012-07-30 14:12 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:17 . 2012-07-30 14:12 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 06:04 . 2012-07-30 08:44 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-07 10:43 . 2010-10-25 13:13 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2015-03-26 06:52 . 2015-03-31 10:31 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{373F628A-96DB-4FE6-BCB9-C2C1B8713E33}\gapaengine.dll
2015-03-26 06:52 . 2012-09-27 12:51 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-17 05:16 . 2015-04-15 06:01 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57 . 2015-04-15 06:01 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-17 04:56 . 2015-04-15 06:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-26 03:25 . 2015-03-11 06:42 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:41 . 2015-03-11 06:45 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 06:45 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 06:45 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 06:45 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 06:45 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 06:45 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 06:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 06:45 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 06:45 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 06:45 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-20 00:18 . 2015-02-20 00:18 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-20 00:18 . 2014-08-19 21:15 18575880 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-20 00:18 . 2015-02-20 00:18 877816 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-02-20 00:18 . 2014-08-19 21:15 995248 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-02-20 00:18 . 2015-02-20 00:18 13294528 ----a-w- c:\windows\system32\nvopencl.dll
2015-02-20 00:18 . 2015-02-20 00:18 32106640 ----a-w- c:\windows\system32\nvoglv64.dll
2015-02-20 00:18 . 2015-02-20 00:18 10773704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-20 00:18 . 2015-02-20 00:18 24768144 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-20 00:18 . 2015-02-20 00:18 353224 ----a-w- c:\windows\system32\nvoglshim64.dll
2015-02-20 00:18 . 2015-02-20 00:18 305136 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-02-20 00:18 . 2015-02-20 00:18 969872 ----a-w- c:\windows\system32\NvIFR64.dll
2015-02-20 00:18 . 2015-02-20 00:18 177624 ----a-w- c:\windows\system32\nvinitx.dll
2015-02-20 00:18 . 2015-02-20 00:18 164752 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-02-20 00:18 . 2015-02-20 00:18 10284872 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-20 00:18 . 2015-02-20 00:18 929936 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-02-20 00:18 . 2015-02-20 00:18 943760 ----a-w- c:\windows\system32\NvFBC64.dll
2015-02-20 00:18 . 2015-02-20 00:18 908104 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-02-20 00:18 . 2015-02-20 00:18 30536 ----a-w- c:\windows\system32\nvhdap64.dll
2015-02-20 00:18 . 2015-02-20 00:18 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-02-20 00:18 . 2015-02-20 00:18 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-02-20 00:18 . 2015-02-20 00:18 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-20 00:18 . 2015-02-20 00:18 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-20 00:18 . 2014-08-19 21:14 17253848 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-20 00:18 . 2015-02-20 00:18 3610768 ----a-w- c:\windows\system32\nvcuvid.dll
2015-02-20 00:18 . 2014-08-19 21:14 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-20 00:18 . 2015-02-20 00:18 3247248 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-20 00:18 . 2015-02-20 00:18 13208200 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-20 00:18 . 2015-02-20 00:18 10713256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-20 00:18 . 2015-02-20 00:18 20466496 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-20 00:18 . 2015-02-20 00:18 25460880 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-20 00:18 . 2015-02-20 00:18 2902784 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-20 00:18 . 2014-08-19 21:14 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-13 05:22 . 2015-03-11 17:03 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-05 19:07 . 2014-10-31 12:05 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2014-10-31 12:05 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2014-10-31 12:05 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2014-10-31 12:05 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2014-10-31 12:05 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2014-10-31 12:05 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 17:57 . 2015-03-11 17:09 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-05 12:50 . 2014-10-31 12:05 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 06:42 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 06:42 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 16:45 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 16:47 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 16:45 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 16:47 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 16:47 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 16:47 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 06:42 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 06:45 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 16:47 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 16:47 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 16:45 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 16:47 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 16:47 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 16:45 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 16:47 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 16:45 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 16:45 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 16:47 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 16:47 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 16:47 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 16:47 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 16:47 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 16:47 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 16:47 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 16:45 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 16:47 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 16:47 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 16:47 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 16:47 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 16:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"ScreenManager Pro for LCD"="c:\program files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2009-03-02 12080424]
.
c:\users\Lubos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
OpenOffice 4.0.0.lnk - c:\program files (x86)\OpenOffice 4\program\quickstart.exe [2014-7-29 117248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys;c:\windows\SYSNATIVE\drivers\scsiscan.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-11-30 21705296]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-21 13538376]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{14DF0DE8-CB01-4C20-90D0-2BF58AB6BC88}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{312583EE-3648-4BF3-9C77-1EDB78F26304}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{850D7E90-9D26-429F-B852-4FA1E48CF2C9}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{8409c4f7-2340-4933-a304-5d37db4fb48b} - c:\programdata\Package Cache\{8409c4f7-2340-4933-a304-5d37db4fb48b}\Intel® Driver Update Utility Installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-05-03 12:28:59
ComboFix-quarantined-files.txt 2015-05-03 10:28
.
Pre-Run: 59,463,458,816 bytes free
Post-Run: 58,791,620,608 bytes free
.
- - End Of File - - C24AA1F90A4F2086F33FB5A8B155595C
A36C5E4F47E84449FF07ED3517B43A31
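The part of a ComboFix log that a helper actually reads first is the registry/startup section above: the UAC policy values, `LoadAppInit_DLLs`, the `Run` keys, IE Trusted Zone entries and per-interface DNS overrides. The script below is an added example, not part of the original post and not ComboFix's own code. It parses a constructed excerpt of the log above and returns the items an analyst would check first, ordered by how urgent they are. The `KNOWN_RESOLVERS` allowlist is the author's own assumption (the two addresses are taken to be Comodo Secure DNS, which would fit a machine running COMODO Internet Security); the log itself says nothing about who those resolvers belong to.

```python
"""Triage helper for the registry/startup section of a ComboFix log.

Added example; it is not part of the original post and not ComboFix's own
code.  It parses a constructed excerpt of the log above and returns the
entries an analyst would look at first.  KNOWN_RESOLVERS is the author's
own allowlist (assumed to be Comodo Secure DNS addresses); nothing in the
log states who those resolvers belong to.
"""
import re

# Constructed excerpt of the log above: only the lines the checks read.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{14DF0DE8-CB01-4C20-90D0-2BF58AB6BC88}: NameServer = 8.26.56.26,156.154.70.22
"""

# Meaning of ConsentPromptBehaviorAdmin under HKLM\...\Policies\System.
UAC_ADMIN = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (Windows 7 default)",
}

# Assumption: the analyst's own allowlist of resolvers that are acceptable as static settings.
KNOWN_RESOLVERS = {
    "8.26.56.26": "Comodo Secure DNS",
    "156.154.70.22": "Comodo Secure DNS",
}

SEVERITY_ORDER = {"high": 0, "review": 1, "info": 2}


def triage(log_text):
    """Return (severity, message) findings for the log text, worst first."""
    findings = []
    key = ""          # registry key the following "name"=value lines belong to
    dhcp_dns = None   # resolver handed out by DHCP, compared against static ones
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(HKEY_[^\]]+)\]", line)
        if m:
            key = m.group(1).lower()
            continue
        m = re.fullmatch(r'"([^"]+)"\s*=\s*(.+)', line)
        if m:
            name, value = m.group(1), m.group(2)
            if key.endswith(r"\policies\system") and name == "ConsentPromptBehaviorAdmin":
                level = int(value.split()[0])
                findings.append(("high" if level == 0 else "info",
                                 f"UAC admin prompt level {level}: {UAC_ADMIN.get(level, 'unknown')}"))
            elif name == "LoadAppInit_DLLs" and value.startswith("1"):
                findings.append(("review", "LoadAppInit_DLLs=1: every DLL named in AppInit_DLLs is loaded "
                                           "into each process that loads user32.dll; verify each listed DLL"))
            elif key.endswith(r"\currentversion\run"):
                # Run value looks like "path" [date size]; a bare file name is located via the search path.
                path = value.split('" [', 1)[0].strip('"')
                if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):
                    findings.append(("review", f"Run entry '{name}' uses a bare file name ({path}) "
                                               "instead of an absolute path"))
            continue
        if line.startswith("Trusted Zone:"):
            domain = line.split(":", 1)[1].strip()
            findings.append(("review", f"IE Trusted Zone contains {domain}; pages from it run with the "
                                       "relaxed Trusted sites settings"))
        elif line.startswith("TCP: DhcpNameServer"):
            dhcp_dns = line.split("=", 1)[1].strip()
        elif line.startswith("TCP: Interfaces\\") and "NameServer =" in line:
            iface = line.split("\\", 1)[1].split(":", 1)[0]
            servers = [s.strip() for s in line.split("NameServer =", 1)[1].split(",")]
            if dhcp_dns and set(servers) != {dhcp_dns}:
                unknown = [s for s in servers if s not in KNOWN_RESOLVERS]
                who = ", ".join(f"{s} ({KNOWN_RESOLVERS.get(s, 'unknown resolver')})" for s in servers)
                findings.append(("review" if unknown else "info",
                                 f"Interface {iface}: static NameServer {who} overrides DHCP resolver {dhcp_dns}"))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run as-is it reports the excerpt; pass the full text of the log section to `triage()` to cover every `Run` key and interface. The severities are only an ordering for review, not a verdict: for the log above the UAC values are the Windows 7 defaults, the AppInit DLLs are the COMODO guard libraries listed earlier in the thread, and the one `Run` entry without an absolute path is the Logitech `KHALMNPR.EXE` line, which is worth confirming simply because it is resolved through the search path rather than a fixed location.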

Holecek
Level 2.5
Posts: 328
Registered: June 07
Gender: Not specified
Status: Offline

Re: Please check my log

Post by Holecek » 03 May 2015 13:34

In Safe Mode with Networking the internet connection works; otherwise it does not.

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Please check my log

Post by jerabina » 03 May 2015 14:16

When the computer starts, keep pressing F8 and choose "Last Known Good Configuration", then run ComboFix again, but in Safe Mode, and disable the antivirus and the firewall beforehand.
When you don't know how to go on, it's time to study the manual!
HJT guide

If I don't reply in your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

