Please check [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check

Post by skiier » 25 Jan 2015 21:53

Last part:

2015-01-04 18:54 - 2010-11-20 11:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2015-01-04 18:54 - 2010-11-20 11:44 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2015-01-04 18:54 - 2010-11-20 11:43 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-01-04 18:54 - 2010-11-20 11:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2015-01-04 18:54 - 2010-11-20 11:34 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2015-01-04 18:54 - 2010-11-20 11:33 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2015-01-04 18:54 - 2010-11-20 11:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-01-04 18:54 - 2010-11-20 11:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-01-04 18:54 - 2010-11-20 11:09 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2015-01-04 18:54 - 2010-11-20 11:04 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2015-01-04 18:54 - 2010-11-20 10:57 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\VmbusCoinstaller.dll
2015-01-04 18:54 - 2010-11-20 10:57 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\VmdCoinstall.dll
2015-01-04 18:54 - 2010-11-20 10:57 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2015-01-04 18:54 - 2010-11-20 10:57 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys
2015-01-04 18:54 - 2010-11-20 10:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2015-01-04 18:54 - 2010-11-20 10:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys
2015-01-04 18:54 - 2010-11-20 10:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2015-01-04 18:54 - 2010-11-20 10:26 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2015-01-04 18:54 - 2010-11-20 10:22 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2015-01-04 18:54 - 2010-11-20 10:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2015-01-04 18:54 - 2010-11-10 02:48 - 00010429 _____ () C:\Windows\system32\ScavengeSpace.xml
2015-01-04 18:54 - 2010-11-05 03:20 - 00105559 _____ () C:\Windows\SysWOW64\RacRules.xml
2015-01-04 18:54 - 2010-11-05 03:20 - 00105559 _____ () C:\Windows\system32\RacRules.xml
2015-01-04 18:54 - 2010-11-05 03:11 - 00312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2015-01-04 18:53 - 2010-11-20 14:26 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2015-01-04 18:53 - 2010-11-20 13:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2015-01-04 18:53 - 2010-11-20 13:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2015-01-04 18:53 - 2009-06-10 22:40 - 00146389 _____ () C:\Windows\SysWOW64\printmanagement.msc
2015-01-04 18:53 - 2009-06-10 22:39 - 00001041 _____ () C:\Windows\SysWOW64\tcpbidi.xml
2015-01-04 18:50 - 2010-11-20 14:27 - 00529408 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2015-01-04 18:31 - 2015-01-04 18:31 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-04 18:31 - 2015-01-04 18:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-04 16:08 - 2015-01-04 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-04 16:08 - 2015-01-04 16:08 - 00002741 _____ () C:\Users\Kook\Desktop\Microsoft Office Word 2007.lnk
2015-01-04 16:08 - 2015-01-04 16:08 - 00002659 _____ () C:\Users\Kook\Desktop\Microsoft Office Excel 2007.lnk
2015-01-04 16:07 - 2015-01-04 18:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-04 16:07 - 2015-01-04 16:07 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-04 16:07 - 2015-01-04 16:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-04 16:05 - 2015-01-04 16:05 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-04 16:04 - 2015-01-12 16:32 - 00000000 ____D () C:\Users\Kook\AppData\Local\Microsoft Help
2015-01-04 16:04 - 2015-01-06 16:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-04 16:04 - 2015-01-06 12:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-04 16:03 - 2015-01-04 16:03 - 00000000 ___RD () C:\MSOCache
2015-01-04 15:55 - 2015-01-25 11:49 - 00067658 _____ () C:\Windows\PFRO.log
2015-01-04 15:55 - 2015-01-06 14:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-04 15:55 - 2015-01-04 15:55 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 15:49 - 2015-01-21 20:42 - 00001286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-04 15:49 - 2015-01-21 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-04 15:49 - 2015-01-04 15:49 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-04 15:49 - 2015-01-04 15:49 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-04 15:49 - 2015-01-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-04 15:48 - 2015-01-04 15:49 - 00000000 ____D () C:\Users\Kook\AppData\Local\Google
2015-01-04 15:48 - 2015-01-04 15:48 - 00880784 _____ (Google Inc.) C:\Users\Kook\Downloads\ChromeSetup.exe
2015-01-04 15:46 - 2015-01-14 15:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-04 15:46 - 2015-01-14 15:01 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-04 15:44 - 2014-12-02 00:21 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 15:44 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-04 15:44 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-04 15:39 - 2015-01-04 15:39 - 00001266 _____ () C:\Users\Kook\Desktop\Windows Update.lnk
2015-01-04 15:36 - 2015-01-04 18:36 - 00000000 ____D () C:\Users\Kook\AppData\Roaming\GHISLER
2015-01-04 15:36 - 2015-01-04 15:36 - 00000000 ____D () C:\Program Files (x86)\Ghisler Software GmbH
2015-01-04 15:36 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 15:34 - 2015-01-06 16:55 - 00084592 _____ () C:\Users\Kook\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 15:34 - 2015-01-04 15:34 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-04 15:34 - 2015-01-04 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-04 15:33 - 2015-01-04 15:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-04 15:32 - 2015-01-04 15:32 - 00000000 ____D () C:\Users\Kook\AppData\Roaming\WinRAR
2015-01-04 15:31 - 2015-01-04 15:31 - 01959656 _____ () C:\Users\Kook\Downloads\winrar-x64-520cz.exe
2015-01-04 15:31 - 2015-01-04 15:31 - 00000000 ____D () C:\Users\Kook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 15:31 - 2015-01-04 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-04 15:31 - 2015-01-04 15:31 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-04 15:30 - 2015-01-04 15:34 - 00002154 _____ () C:\Windows\epplauncher.mif
2015-01-04 15:29 - 2015-01-04 15:29 - 14108320 _____ (Microsoft Corporation) C:\Users\Kook\Downloads\mseinstall.exe
2015-01-04 15:29 - 2015-01-04 15:29 - 00002307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-04 15:29 - 2015-01-04 15:29 - 00000000 ____D () C:\Users\Kook\AppData\Local\WinZip
2015-01-04 15:29 - 2015-01-04 15:29 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-04 15:29 - 2015-01-04 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-04 15:29 - 2015-01-04 15:29 - 00000000 ____D () C:\Program Files\WinZip
2015-01-04 15:29 - 2015-01-04 15:29 - 00000000 ____D () C:\Program Files\File Association Helper
2015-01-04 15:28 - 2015-01-04 15:28 - 00880584 _____ ( ) C:\Users\Kook\Downloads\winzip19-home.exe
2015-01-04 15:25 - 2015-01-04 15:25 - 39437072 _____ () C:\Users\Kook\Downloads\Firefox Setup 34.0.5.exe
2015-01-04 15:23 - 2015-01-04 15:23 - 00244104 _____ () C:\Users\Kook\Downloads\Firefox Setup Stub 34.0.5.exe
2015-01-04 15:21 - 2015-01-19 17:21 - 00001147 _____ () C:\Users\Kook\Desktop\Mozilla Firefox.lnk
2015-01-04 15:21 - 2015-01-18 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-04 15:21 - 2015-01-17 23:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-01-04 15:21 - 2015-01-04 15:22 - 00000000 ____D () C:\Users\Kook\AppData\Roaming\Mozilla
2015-01-04 15:21 - 2015-01-04 15:22 - 00000000 ____D () C:\Users\Kook\AppData\Local\Mozilla
2015-01-04 15:21 - 2015-01-04 15:21 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-04 15:21 - 2015-01-04 15:21 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-04 15:21 - 2015-01-04 15:21 - 00000000 ____D () C:\Intel
2015-01-04 15:10 - 2015-01-04 15:36 - 00000000 ____D () C:\Soft
2015-01-04 15:10 - 2015-01-04 15:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-04 15:03 - 2015-01-23 12:05 - 00000000 ____D () C:\Users\Kook\AppData\Local\VirtualStore
2015-01-04 15:03 - 2015-01-21 20:42 - 00000967 _____ () C:\Users\Kook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-04 15:02 - 2015-01-18 20:45 - 00000000 ____D () C:\Users\Kook
2015-01-04 15:02 - 2015-01-04 15:02 - 00000020 ___SH () C:\Users\Kook\ntuser.ini
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Šablony
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Soubory cookie
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Poslední
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Okolní tiskárny
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Okolní síť
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Nabídka Start
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Dokumenty
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Documents\Obrázky
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Documents\Hudba
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Documents\Filmy
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\Data aplikací
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-04 15:02 - 2015-01-04 15:02 - 00000000 _SHDL () C:\Users\Kook\AppData\Local\Data aplikací
2015-01-04 15:02 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Kook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-04 15:02 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Kook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Public\Documents\Obrázky
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Public\Documents\Hudba
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Public\Documents\Filmy
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Šablony
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Soubory cookie
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Poslední
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Okolní tiskárny
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Okolní síť
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Nabídka Start
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Dokumenty
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Documents\Obrázky
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Documents\Hudba
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Documents\Filmy
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\Data aplikací
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Data aplikací
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default User\Documents\Obrázky
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default User\Documents\Hudba
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default User\Documents\Filmy
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Data aplikací
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\ProgramData\Šablony
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\ProgramData\Plocha
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\ProgramData\Oblíbené položky
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\ProgramData\Nabídka Start
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\ProgramData\Dokumenty
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 _SHDL () C:\ProgramData\Data aplikací
2015-01-04 15:01 - 2015-01-04 15:01 - 00000000 ____D () C:\Recovery
2015-01-04 14:59 - 2015-01-04 14:59 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-01-04 14:58 - 2015-01-25 20:25 - 01432975 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 14:58 - 2015-01-04 14:58 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-01-04 14:58 - 2015-01-04 14:58 - 00001313 _____ () C:\Windows\TSSysprep.log
2015-01-04 14:55 - 2015-01-04 15:02 - 00000000 ____D () C:\Windows\Panther
2015-01-04 00:14 - 2015-01-04 00:14 - 06370320 ____R (Ghisler Software GmbH) C:\Users\Kook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tcmx32_64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 17:12 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 17:12 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 17:09 - 2009-07-14 16:18 - 00668792 _____ () C:\Windows\system32\perfh005.dat
2015-01-25 17:09 - 2009-07-14 16:18 - 00141420 _____ () C:\Windows\system32\perfc005.dat
2015-01-25 17:09 - 2009-07-14 06:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 17:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 17:04 - 2009-07-14 05:51 - 00029303 _____ () C:\Windows\setupact.log
2015-01-25 11:38 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-24 21:14 - 2009-07-14 03:34 - 62390272 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-24 21:14 - 2009-07-14 03:34 - 12582912 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-24 21:14 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-24 21:14 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-24 21:14 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-21 20:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-16 23:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-12 16:15 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-08 19:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-08 09:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 16:52 - 2009-07-14 05:45 - 00337928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 16:50 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-06 16:50 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-06 16:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-06 16:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-06 14:39 - 2009-07-14 16:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-06 14:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-06 14:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-06 14:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-06 14:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-06 14:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-05 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-04 20:17 - 2009-07-14 16:37 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-01-04 20:17 - 2009-07-14 16:18 - 00000000 ____D () C:\Windows\SysWOW64\cs
2015-01-04 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-04 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-01-04 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-04 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-01-04 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-01-04 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-01-04 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-04 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-01-04 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-04 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2015-01-04 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2015-01-04 20:16 - 2009-07-14 16:18 - 00000000 ____D () C:\Windows\system32\cs
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sppui
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2015-01-04 20:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-01-04 20:09 - 2009-07-14 03:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-01-04 20:09 - 2009-07-14 03:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2015-01-04 19:41 - 2009-07-14 16:36 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-04 17:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-04 16:04 - 2009-07-14 16:37 - 00000000 ____D () C:\Windows\ShellNew
2015-01-04 15:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-04 15:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-04 15:01 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-04 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-04 14:59 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 14:58 - 2009-07-14 05:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2015-01-04 14:58 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-04 14:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-04 14:56 - 2009-07-14 16:37 - 00000000 ____D () C:\Windows\CSC
2015-01-04 14:55 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-04 14:55 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-04 14:54 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 17:27

==================== End Of Log ============================


Re: Please check

Post by skiier » 25 Jan 2015 21:54

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Kook at 2015-01-25 21:21:51
Running from C:\Users\Kook\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Cryptext (Remove Only) (HKLM-x32\...\CryptextNT4) (Version: - )
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 cs)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1700}) (Version: 12.23.0.15 - APN, LLC) <==== ATTENTION
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Total Commander Auto-Installer 8.52 (HKLM-x32\...\Total Commander Auto-Installer 8.52) (Version: 8.52 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

25-01-2015 21:11:10 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-25 11:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10D826FB-89FE-4AF6-BDF1-48EFE55EE66D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2232E455-4489-4CB6-9CFD-BC6B56A87B5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9648CFE4-4D02-4CCE-AEFA-6FE89603C7AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {AF514B82-DDCA-4942-964E-25F811FDED15} - System32\Tasks\{A0F5081D-2D6A-4CC7-80BD-1AC986953192} => pcalua.exe -a C:\Users\Kook\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1748179089-823422957-1929743790-500 - Administrator - Disabled)
Guest (S-1-5-21-1748179089-823422957-1929743790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1748179089-823422957-1929743790-1002 - Limited - Enabled)
Kook (S-1-5-21-1748179089-823422957-1929743790-1000 - Administrator - Enabled) => C:\Users\Kook

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/25/2015 05:06:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (pomocí LRPC)

Error: (01/25/2015 05:06:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/25/2015 05:04:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\pfc.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (01/25/2015 01:28:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/25/2015 01:27:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\pfc.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (01/25/2015 11:51:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/25/2015 11:49:45 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\pfc.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (01/25/2015 11:38:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/25/2015 11:34:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (01/25/2015 11:34:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-01-25 11:34:44.689
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-25 11:34:44.533
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-25 11:34:44.361
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-25 11:34:44.189
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-24 21:08:30.068
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-24 21:08:29.896
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-24 21:08:29.740
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-24 21:08:29.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-24 21:03:32.809
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-24 21:03:32.637
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 3996.93 MB
Available physical RAM: 2857.56 MB
Total Pagefile: 7992.05 MB
Available Pagefile: 6655.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.99 GB) (Free:240.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DE868AB1)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Post by jaro3 » 26 Jan 2015 09:49

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1748179089-823422957-1929743790-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1748179089-823422957-1929743790-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> FF3ADDC98E8BED557081FC99398CDA64FB76087E818B8B9111B6155F9785C474
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\System32\Tasks\{A0F5081D-2D6A-4CC7-80BD-1AC986953192}
C:\ProgramData\Sun
C:\ProgramData\McAfee
C:\Windows\SysWOW64\mncqypkac.vbe
Task: {10D826FB-89FE-4AF6-BDF1-48EFE55EE66D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2232E455-4489-4CB6-9CFD-BC6B56A87B5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AF514B82-DDCA-4942-964E-25F811FDED15} - System32\Tasks\{A0F5081D-2D6A-4CC7-80BD-1AC986953192} => pcalua.exe -a C:\Users\Kook\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION

(You can use the "Select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. In my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by skiier » 26 Jan 2015 22:20

Hi, thank you for the help.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Kook at 2015-01-26 22:17:20 Run:1
Running from C:\Users\Kook\Desktop
Loaded Profiles: Kook (Available profiles: Kook)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1748179089-823422957-1929743790-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1748179089-823422957-1929743790-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> FF3ADDC98E8BED557081FC99398CDA64FB76087E818B8B9111B6155F9785C474
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\System32\Tasks\{A0F5081D-2D6A-4CC7-80BD-1AC986953192}
C:\ProgramData\Sun
C:\ProgramData\McAfee
C:\Windows\SysWOW64\mncqypkac.vbe
Task: {10D826FB-89FE-4AF6-BDF1-48EFE55EE66D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2232E455-4489-4CB6-9CFD-BC6B56A87B5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AF514B82-DDCA-4942-964E-25F811FDED15} - System32\Tasks\{A0F5081D-2D6A-4CC7-80BD-1AC986953192} => pcalua.exe -a C:\Users\Kook\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION

*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1748179089-823422957-1929743790-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1748179089-823422957-1929743790-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome DefaultSearchKeyword not detected.
catchme => Service deleted successfully.
C:\Windows\System32\Tasks\{A0F5081D-2D6A-4CC7-80BD-1AC986953192} => Moved successfully.
C:\ProgramData\Sun => Moved successfully.
C:\ProgramData\McAfee => Moved successfully.
C:\Windows\SysWOW64\mncqypkac.vbe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10D826FB-89FE-4AF6-BDF1-48EFE55EE66D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D826FB-89FE-4AF6-BDF1-48EFE55EE66D}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2232E455-4489-4CB6-9CFD-BC6B56A87B5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2232E455-4489-4CB6-9CFD-BC6B56A87B5E}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF514B82-DDCA-4942-964E-25F811FDED15}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF514B82-DDCA-4942-964E-25F811FDED15}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A0F5081D-2D6A-4CC7-80BD-1AC986953192} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0F5081D-2D6A-4CC7-80BD-1AC986953192}" => Key deleted successfully.

==== End of Fixlog 22:17:21 ====

Post by jaro3 » 27 Jan 2015 10:06

What about the problems?

Post by skiier » 27 Jan 2015 17:41

Hi, thanks a lot for all the advice. The PC runs fine; omiga-plus disappeared long ago, as I already wrote. It's just that whenever a new window is opened, a notice still appears saying that Firefox prevented this page from automatically redirecting to another page. I don't really mind it and I don't want to be a bother here; I'm very glad you helped me. I'll leave it to you whether anything can be done about it. Thanks once again.

Post by jaro3 » 27 Jan 2015 18:57

Can you post a screenshot of that message?

Post by skiier » 27 Jan 2015 21:54

Firefox prevented this page from automatically redirecting to another page.

Post by skiier » 27 Jan 2015 22:21

I don't know how to insert a screenshot here; I could send it to you by e-mail, otherwise I don't know :-(

Post by jareks » 28 Jan 2015 02:15

:D :-) :|

Post by jaro3 » 28 Jan 2015 10:01

Open a new post and click "Attachment" at the bottom.
In the window, select the image, etc.

Post by skiier » 28 Jan 2015 15:59

OK, thanks
Attachments
screen.jpg

