Check (Solved)


Check

Post by Sirek » 01 Feb 2013 10:33

Hi .. I already created a post viewtopic.php?f=36&t=101054 and jaojao advised me to download HijackThis and post the log here ..
The thing is that even games with not very good graphics lag terribly for me .. I used to play exactly the same games on this laptop as I play now and they didn't lag, hopefully HiJackThis will help sort it out :)
Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:28, on 1.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-3298877075-242439815-21296530-1000\..\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB (User 'UpdatusUser')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8029 bytes


Re: Check

Post by Žbeky » 01 Feb 2013 11:32

Don't put logs in CODE, it's hard to read

Fix O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform Quick Scan (Provést rychlý sken) selected and click the Scan (Skenovat) button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules


Re: Check

Post by Sirek » 01 Feb 2013 16:08

yep, I'll do everything, and what should I put it in?


Re: Check

Post by Sirek » 01 Feb 2013 16:42


Re: Check

Post by Žbeky » 01 Feb 2013 18:44

Not in anything, just paste them... Why would they have to be in anything?

Run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

Download TDSSKiller

To your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the check there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.


Re: Check

Post by Sirek » 01 Feb 2013 19:21

Log: TDSSKiller
It found nothing in this one, and the log is large so I'll put it in code, and I had to delete some of it because there are too many characters

Code:

19:10:48.0119 3532  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:10:50.0122 3532  ============================================================
19:10:50.0122 3532  Current date / time: 2013/02/01 19:10:50.0122
19:10:50.0122 3532  SystemInfo:
19:10:50.0122 3532 
19:10:50.0123 3532  OS Version: 6.1.7601 ServicePack: 1.0
19:10:50.0123 3532  Product type: Workstation
19:10:50.0123 3532  ComputerName: DAVID-PC
19:10:50.0123 3532  UserName: David
19:10:50.0123 3532  Windows directory: C:\Windows
19:10:50.0123 3532  System windows directory: C:\Windows
19:10:50.0123 3532  Running under WOW64
19:10:50.0123 3532  Processor architecture: Intel x64
19:10:50.0123 3532  Number of processors: 2
19:10:50.0123 3532  Page size: 0x1000
19:10:50.0123 3532  Boot type: Normal boot
19:10:50.0123 3532  ============================================================
19:10:51.0740 3532  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:10:51.0745 3532  ============================================================
19:10:51.0745 3532  \Device\Harddisk0\DR0:
19:10:51.0755 3532  MBR partitions:
19:10:51.0755 3532  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
19:10:51.0755 3532  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x55113000
19:10:51.0755 3532  ============================================================
19:10:51.0837 3532  C: <-> \Device\Harddisk0\DR0\Partition2
19:10:51.0837 3532  ============================================================
19:10:51.0837 3532  Initialize success
19:10:51.0837 3532  ============================================================
19:11:03.0469 5840  ============================================================
19:11:03.0469 5840  Scan started
19:11:03.0469 5840  Mode: Manual;
19:11:03.0469 5840  ============================================================
19:11:04.0231 5840  ================ Scan system memory ========================
19:11:04.0231 5840  System memory - ok
19:11:04.0235 5840  ================ Scan services =============================
19:11:46.0692 5840  ================ Scan global ===============================
19:11:46.0791 5840  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:11:46.0845 5840  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
19:11:46.0889 5840  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
19:11:46.0947 5840  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:11:46.0991 5840  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:11:46.0997 5840  [Global] - ok
19:11:47.0002 5840  ================ Scan MBR ==================================
19:11:47.0027 5840  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:11:47.0710 5840  \Device\Harddisk0\DR0 - ok
19:11:47.0713 5840  ================ Scan VBR ==================================
19:11:47.0721 5840  [ BC92A9495FB6050E857FC85543F586CD ] \Device\Harddisk0\DR0\Partition1
19:11:47.0724 5840  \Device\Harddisk0\DR0\Partition1 - ok
19:11:47.0738 5840  [ 434297DA9EA29E9C7320CB2E2A35658E ] \Device\Harddisk0\DR0\Partition2
19:11:47.0743 5840  \Device\Harddisk0\DR0\Partition2 - ok
19:11:47.0746 5840  ============================================================
19:11:47.0746 5840  Scan finished
19:11:47.0746 5840  ============================================================
19:11:47.0764 5032  Detected object count: 0
19:11:47.0764 5032  Actual detected object count: 0
19:12:39.0762 5956  Deinitialize success


Re: Check

Post by Sirek » 01 Feb 2013 19:22

Log: MbAM
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrátor]

Ochrana: Povolena

1.2.2013 19:08:35
mbam-log-2013-02-01 (19-08-35).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 284560
Uplynulý čas: 3 minut, 58 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\ProgramData\wxDfast (PUP.wxDfast) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\wxDfast\data (PUP.wxDfast) -> Přesun do karantény a smazání se zdařilo.

Nalezené soubory: 5
C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\wxDfast\iebnnahphapcmnfkaliadieimjloopcf.crx (PUP.wxDfast) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Přesun do karantény a smazání se zdařilo.

(konec)


Re: Check

Post by Sirek » 01 Feb 2013 19:52

    ComboFix 13-02-01.04 - David 01.02.2013 19:31:54.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8044.5741 [GMT 1:00]
    Spuštěný z: c:\users\David\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\CrashLog_20120828.txt
    c:\cflog\CrashLog_20121223.txt
    c:\cflog\CrashLog_20130112.txt
    c:\cflog\CrashLog_20130113.txt
    c:\cflog\CrashLog_20130114.txt
    c:\cflog\CrashLog_20130115.txt
    c:\cflog\CrashLog_20130116.txt
    c:\cflog\EPLog.txt
    c:\cflog\Host.txt
    C:\install.exe
    c:\program files (x86)\Your Product\Uninstall
    c:\program files (x86)\Your Product\Uninstall\IRIMG1.JPG
    c:\program files (x86)\Your Product\Uninstall\IRIMG2.JPG
    c:\program files (x86)\Your Product\Uninstall\uninstall.dat
    c:\program files (x86)\Your Product\Uninstall\uninstall.xml
    c:\programdata\Bcool
    c:\programdata\Bcool\background.html
    c:\programdata\Bcool\content.js
    c:\programdata\Bcool\pnfanemooakkklekmpgmhlphdnlnmfmm.crx
    c:\programdata\Bcool\settings.ini
    c:\users\David\AppData\Local\assembly\tmp
    c:\users\David\AppData\Roaming\SCPSP7.DLL
    c:\users\David\AppData\Roaming\SCPSS7.DLL
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\WanPacket.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((( Soubory vytvořené od 2013-01-01 do 2013-02-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-01 18:44 . 2013-02-01 18:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-02-01 18:44 . 2013-02-01 18:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-02-01 18:44 . 2013-02-01 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-01 15:31 . 2013-02-01 15:31 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
    2013-02-01 15:30 . 2013-02-01 15:30 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-01 15:30 . 2013-02-01 15:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-01 15:30 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-01 15:30 . 2013-02-01 15:30 -------- d-----w- c:\users\David\AppData\Local\Programs
    2013-02-01 08:37 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A432992F-3A82-4655-9865-58EBEBC550C4}\mpengine.dll
    2013-01-31 19:16 . 2013-02-01 09:51 -------- d-----w- c:\users\David\AppData\Roaming\.minecraft
    2013-01-30 14:05 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-28 15:37 . 2013-02-01 18:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn Hamachi
    2013-01-28 15:37 . 2013-02-01 18:26 -------- d-----w- c:\users\David\AppData\Local\LogMeIn Hamachi
    2013-01-28 15:37 . 2013-01-28 15:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2013-01-27 07:39 . 2013-01-27 07:39 -------- d-----w- c:\programdata\Package Cache
    2013-01-25 16:40 . 2013-01-25 16:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-01-25 16:40 . 2013-01-25 16:40 -------- d-----r- c:\program files (x86)\Skype
    2013-01-24 17:49 . 2013-01-24 17:49 -------- d-----w- c:\program files (x86)\2K Games
    2013-01-19 07:36 . 2013-01-19 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2013-01-18 16:18 . 2013-01-18 16:18 388096 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-18 16:18 . 2013-01-18 16:18 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-01-17 14:02 . 2013-01-17 14:03 -------- d-----w- c:\program files (x86)\Rockstar Games
    2013-01-16 13:48 . 2013-01-18 16:08 -------- d-----w- c:\users\David\AppData\Local\PokerStars
    2013-01-16 13:47 . 2013-01-16 13:48 -------- d-----w- c:\program files (x86)\PokerStars
    2013-01-12 15:32 . 2013-01-24 14:01 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2013-01-09 16:41 . 2013-01-11 14:51 -------- d-----w- C:\SG Interactive
    2013-01-09 14:21 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 14:21 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 14:21 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 14:21 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
    2013-01-09 14:21 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 14:21 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 14:20 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 14:20 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 14:20 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 14:20 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 13:59 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 13:58 . 2012-11-30 05:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 04:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 04:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 04:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 02:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-09 13:58 . 2012-11-30 02:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-09 13:58 . 2012-11-30 02:38 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 02:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 02:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-01-09 13:58 . 2012-11-30 02:44 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-09 13:58 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 13:58 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-08 17:29 . 2013-01-31 19:43 -------- d-----w- c:\users\David\AppData\Roaming\TS3Client
    2013-01-08 16:11 . 2013-01-08 16:11 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-27 15:55 . 2012-09-29 15:37 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-01-27 15:55 . 2012-04-03 22:17 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-01-27 10:02 . 2012-04-03 22:17 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-01-27 07:38 . 2012-04-03 22:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2013-01-24 14:01 . 2012-08-27 07:59 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-01-17 14:39 . 2012-03-26 17:38 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2013-01-09 20:12 . 2012-05-12 09:41 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 14:37 . 2012-04-06 19:25 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 14:37 . 2011-10-14 03:49 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 17:11 . 2012-12-21 19:40 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 19:40 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 19:40 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 19:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-04 19:30 . 2012-12-04 19:30 555836 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
    2012-11-30 04:45 . 2013-01-09 13:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-28 08:30 . 2012-11-28 08:33 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C793182C-B47A-43A7-AEB3-6FEFC27EEC02}\gapaengine.dll
    2012-11-17 09:54 . 2012-11-28 08:33 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-11-14 07:06 . 2012-12-12 15:33 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-12 15:33 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-12 15:34 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-12 15:34 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-12 15:34 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-12 15:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-12 15:34 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-12 15:34 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-12 15:34 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-12 15:34 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-12 15:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-12 15:34 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-12 15:34 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-12 15:34 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-12 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-12 15:34 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-12 15:34 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-12 15:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-12 15:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-12 15:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-12 15:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-12 15:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-12 14:04 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 14:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-06 00:20 . 2012-11-06 00:20 92624 ----a-w- c:\windows\SysWow64\mfcm110u.dll
    2012-11-06 00:20 . 2012-11-06 00:20 92616 ----a-w- c:\windows\SysWow64\mfcm110.dll
    2012-11-06 00:20 . 2012-11-06 00:20 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
    2012-11-06 00:20 . 2012-11-06 00:20 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
    2012-11-06 00:20 . 2012-11-06 00:20 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
    2012-11-06 00:20 . 2012-11-06 00:20 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
    2012-11-06 00:20 . 2012-11-06 00:20 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
    2012-11-06 00:20 . 2012-11-06 00:20 70624 ----a-w- c:\windows\SysWow64\mfc110rus.dll
    2012-11-06 00:20 . 2012-11-06 00:20 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
    2012-11-06 00:20 . 2012-11-06 00:20 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
    2012-11-06 00:20 . 2012-11-06 00:20 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll
    2012-11-06 00:20 . 2012-11-06 00:20 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
    2012-11-06 00:20 . 2012-11-06 00:20 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
    2012-11-06 00:20 . 2012-11-06 00:20 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
    2012-11-06 00:20 . 2012-11-06 00:20 4456904 ----a-w- c:\windows\SysWow64\mfc110u.dll
    2012-11-06 00:20 . 2012-11-06 00:20 4421080 ----a-w- c:\windows\SysWow64\mfc110.dll
    2012-11-06 00:20 . 2012-11-06 00:20 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
    2012-11-06 00:20 . 2012-11-06 00:20 252400 ----a-w- c:\windows\SysWow64\vccorlib110.dll
    2012-11-06 00:20 . 2012-11-06 00:20 125904 ----a-w- c:\windows\SysWow64\vcomp110.dll
    2012-11-06 00:20 . 2012-11-06 00:20 168920 ----a-w- c:\windows\SysWow64\atl110.dll
    2005-08-24 22:10 174592 --sha-w- c:\windows\SysWOW64\ncfpsys.exe
    .
    .
    (((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-01-24 14:01 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-24 1883824]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-24 1101488]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "RequireSignedAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 tcpredir;tcpredir;c:\program files (x86)\iPig\Client\tcpredir.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-17 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-17 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-17 280992]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-09-17 517280]
    R3 DFX11_0;DFX Audio Enhancer 11;c:\windows\system32\drivers\dfx11_0x64.sys [2012-08-16 28008]
    R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys [2012-08-29 28008]
    R3 dump_wmimmc;dump_wmimmc;c:\9dragons\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-05 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
    R3 X6va007;X6va007;c:\users\David\AppData\Local\Temp\0073467.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
    R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
    R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
    R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
    R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
    R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
    R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-16 28992]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-24 37720]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-04 283200]
    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-06-01 41224]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-15 22648]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-15 20520]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-15 62776]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
    S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-24 945328]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-24 13:03 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Obsah adresáře 'Naplánované úlohy'
    .
    2013-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:37]
    .
    2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 12:00]
    .
    2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 12:00]
    .
    2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298877075-242439815-21296530-1001Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 15:27]
    .
    2013-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298877075-242439815-21296530-1001UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 15:27]
    .
    2013-02-01 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-24 14:01]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Doplňkový sken -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6apsrxv6.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={B259F605-47CA-49D8-B4C2-445E5525A945}&mid=aa8bbea1acb947d0a0de0d47e7fccf0f-b7510b73bae217b645000c5764f98273585f8dd6&lang=cs&ds=gm011&pr=sa&d=2012-03-30 21:54&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
    FF - user.js: extensions.BabylonToolbar_i.id - 7ab4d239000000000000e4d53d56a2da
    FF - user.js: extensions.BabylonToolbar_i.hardId - 7ab4d239000000000000e4d53d56a2da
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15535
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    pref('extensions.shownSelectionUI',true);
    pref('extensions.autoDisableScopes',0);
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3012_7
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 7ab4d239000000000000e4d53d56a2da
    FF - user.js: extensions.BabylonToolbar.instlDay - 15548
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.118:08
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extentions.y2layers.installId - fbe28901-068e-4558-8c8c-ea0e557b1e06
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
    .
    Toolbar-Locked - (no file)
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{09152F0B-739C-4DEC-A245-1AA8A37594F1} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
    "ImagePath"="\??\c:\users\David\AppData\Local\Temp\0073467.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
    .
    --------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
    0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
    "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
    9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
    ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
    2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
    79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
    "{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,38,12,aa,f5,03,
    89,33,40,ba,0e,f9,17,52,ec,1a,81,c5,32
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
    b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
    ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Celkový čas: 2013-02-01 19:49:46
    ComboFix-quarantined-files.txt 2013-02-01 18:49
    .
    Před spuštěním: Volných bajtů: 554 371 887 104
    Po spuštění: Volných bajtů: 553 773 993 984
    .
    - - End Of File - - C69D4A4BA4C336E6C7ADED623B701078

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status:
Offline

Re: Check

Post by Žbeky » 02 Feb 2013 10:40

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

KillAll::

Folder::
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update
c:\users\David\AppData\Local\Google\Update

File::
c:\windows\system32\drivers\avgtpx64.sys
c:\windows\system32\drivers\EagleX64.sys
c:\windows\system32\GameMon.des
c:\users\David\AppData\Local\Temp\0073467.tmp
c:\windows\SysWOW64\Drivers\X6va008
c:\windows\SysWOW64\Drivers\X6va009
c:\windows\SysWOW64\Drivers\X6va010
c:\windows\SysWOW64\Drivers\X6va011
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298877075-242439815-21296530-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298877075-242439815-21296530-1001UA.job
c:\windows\Tasks\ROC_JAN2013_TB_rmv.job

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= -
[-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-
"RequireSignedAppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"=-

Driver::
SkypeUpdate
EagleX64
npggsvc
X6va007
X6va008
X6va009
X6va010
X6va011
avgtp
vToolbarUpdater14.0.1

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll

Firefox::
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6apsrxv6.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={B259F605-47CA-49D8-B4C2-445E5525A945}&mid=aa8bbea1acb947d0a0de0d47e7fccf0f-b7510b73bae217b645000c5764f98273585f8dd6&lang=cs&ds=gm011&pr=sa&d=2012-03-30 21:54&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.id - 7ab4d239000000000000e4d53d56a2da
FF - user.js: extensions.BabylonToolbar_i.hardId - 7ab4d239000000000000e4d53d56a2da
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15535
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3012_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 7ab4d239000000000000e4d53d56a2da
FF - user.js: extensions.BabylonToolbar.instlDay - 15548
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.118:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extentions.y2layers.installId - fbe28901-068e-4558-8c8c-ea0e557b1e06
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

Sirek
newbie
Posts: 34
Registered: January 13
Gender: Male
Status:
Offline

Re: Check

Post by Sirek » 02 Feb 2013 11:55

Here is the log

ComboFix 13-02-01.04 - David 02.02.2013 11:31:45.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8044.6246 [GMT 1:00]
Spuštěný z: c:\users\David\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\David\AppData\Local\Temp\0073467.tmp"
"c:\windows\system32\drivers\avgtpx64.sys"
"c:\windows\system32\drivers\EagleX64.sys"
"c:\windows\system32\GameMon.des"
"c:\windows\SysWOW64\Drivers\X6va008"
"c:\windows\SysWOW64\Drivers\X6va009"
"c:\windows\SysWOW64\Drivers\X6va010"
"c:\windows\SysWOW64\Drivers\X6va011"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298877075-242439815-21296530-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3298877075-242439815-21296530-1001UA.job"
"c:\windows\Tasks\ROC_JAN2013_TB_rmv.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
c:\program files (x86)\AVG Secure Search\about.gif
c:\program files (x86)\AVG Secure Search\active-threats18.gif
c:\program files (x86)\AVG Secure Search\AVG Secure Search
c:\program files (x86)\AVG Secure Search\calc.gif
c:\program files (x86)\AVG Secure Search\CleanHistory.gif
c:\program files (x86)\AVG Secure Search\configuration.xml
c:\program files (x86)\AVG Secure Search\current.gif
c:\program files (x86)\AVG Secure Search\currently-safe18.gif
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\all.css
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\btn-ok2.gif
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\downBtn.png
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\DSPDlg_IE.html
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\logo2.png
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\upBtn.png
c:\program files (x86)\AVG Secure Search\EnableHelperRes\EEImageHandler.html
c:\program files (x86)\AVG Secure Search\EnableHelperRes\Images\box_ie.png
c:\program files (x86)\AVG Secure Search\Eula.txt
c:\program files (x86)\AVG Secure Search\Facebook.gif
c:\program files (x86)\AVG Secure Search\favicon.ico
c:\program files (x86)\AVG Secure Search\feedback.gif
c:\program files (x86)\AVG Secure Search\FireFoxSearchXml.tmp
c:\program files (x86)\AVG Secure Search\GenericWndApi.dll
c:\program files (x86)\AVG Secure Search\help.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_close.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_expand.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_tooltip.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_tracking.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bull4x4.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\divider.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\innerBG_gradient.gif
c:\program files (x86)\AVG Secure Search\icon18.gif
c:\program files (x86)\AVG Secure Search\labs.gif
c:\program files (x86)\AVG Secure Search\Licenses\Encoding_decoding_base64.txt
c:\program files (x86)\AVG Secure Search\Licenses\hmac.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-bsdiff.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-bzip.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-JasonCpp.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-sparsehash.txt
c:\program files (x86)\AVG Secure Search\Licenses\PassthruApp.txt
c:\program files (x86)\AVG Secure Search\lip.exe
c:\program files (x86)\AVG Secure Search\note.gif
c:\program files (x86)\AVG Secure Search\PostInstall.exe
c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe
c:\program files (x86)\AVG Secure Search\PostInstaller.ini
c:\program files (x86)\AVG Secure Search\remote_configuration.xml
c:\program files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe
c:\program files (x86)\AVG Secure Search\search.gif
c:\program files (x86)\AVG Secure Search\setup.bmp
c:\program files (x86)\AVG Secure Search\speed-test.gif
c:\program files (x86)\AVG Secure Search\surf-with-caution18.gif
c:\program files (x86)\AVG Secure Search\Uninstall.exe
c:\program files (x86)\AVG Secure Search\uninstall.gif
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.5.1.min.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\JQueyExtensions.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\uninstall_cp.css
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Uninstall_cp.html
c:\program files (x86)\AVG Secure Search\updating18.gif
c:\program files (x86)\AVG Secure Search\vprot.exe
c:\program files (x86)\AVG Secure Search\weather.gif
c:\program files (x86)\AVG Secure Search\windows.gif
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.124\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.124\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.124\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.124\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.124\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.124\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.124\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.124\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.124\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.57\24.0.1312.57_24.0.1312.56_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\program files (x86)\Your Product\lua5.1.dll
c:\users\David\AppData\Local\Google\Update
c:\users\David\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\users\David\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\users\David\AppData\Local\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\users\David\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\users\David\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\users\David\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\users\David\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_am.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_da.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_de.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_el.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_en.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_es.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_et.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_id.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_is.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_it.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_no.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_te.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_th.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\psmachine.dll
c:\users\David\AppData\Local\Google\Update\1.3.21.123\psuser.dll
c:\users\David\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\users\David\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\22.0.1229.79\22.0.1229.79_21.0.1180.89_chrome_updater.exe
c:\users\David\AppData\Local\Google\Update\Download\{D0AB2EBC-931B-4013-9FEB-C9C4C2225C8C}\3.13.1.11376\googletalkpluginaccel.msi
c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Legacy_EAGLEX64
-------\Legacy_X6VA007
-------\Legacy_X6VA008
-------\Legacy_X6VA009
-------\Legacy_X6VA010
-------\Legacy_X6VA011
-------\Service_avgtp
-------\Service_EagleX64
-------\Service_npggsvc
-------\Service_SkypeUpdate
-------\Service_vToolbarUpdater14.0.1
-------\Service_X6va007
-------\Service_X6va008
-------\Service_X6va009
-------\Service_X6va010
-------\Service_X6va011
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-02 do 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 10:43 . 2013-02-02 10:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-02 10:43 . 2013-02-02 10:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-02 10:43 . 2013-02-02 10:43 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2013-02-02 10:43 . 2013-02-02 10:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-02 10:43 . 2013-02-02 10:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 10:43 . 2013-02-02 10:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-01 19:28 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B09AA08-7663-4BB8-B28C-F18F1B46DC4F}\mpengine.dll
2013-02-01 15:31 . 2013-02-01 15:31 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2013-02-01 15:30 . 2013-02-01 15:30 -------- d-----w- c:\programdata\Malwarebytes
2013-02-01 15:30 . 2013-02-01 15:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-01 15:30 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-01 15:30 . 2013-02-01 15:30 -------- d-----w- c:\users\David\AppData\Local\Programs
2013-01-31 19:16 . 2013-02-01 09:51 -------- d-----w- c:\users\David\AppData\Roaming\.minecraft
2013-01-30 14:05 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-28 15:37 . 2013-02-02 10:46 -------- d-----w- c:\users\David\AppData\Local\LogMeIn Hamachi
2013-01-28 15:37 . 2013-02-02 10:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn Hamachi
2013-01-28 15:37 . 2013-01-28 15:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-01-27 07:39 . 2013-01-27 07:39 -------- d-----w- c:\programdata\Package Cache
2013-01-25 16:40 . 2013-01-25 16:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-25 16:40 . 2013-02-02 10:43 -------- d-----r- c:\program files (x86)\Skype
2013-01-24 17:49 . 2013-01-24 17:49 -------- d-----w- c:\program files (x86)\2K Games
2013-01-19 07:36 . 2013-01-19 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-01-18 16:18 . 2013-01-18 16:18 388096 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-18 16:18 . 2013-01-18 16:18 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-17 14:02 . 2013-01-17 14:03 -------- d-----w- c:\program files (x86)\Rockstar Games
2013-01-16 13:48 . 2013-01-18 16:08 -------- d-----w- c:\users\David\AppData\Local\PokerStars
2013-01-16 13:47 . 2013-01-16 13:48 -------- d-----w- c:\program files (x86)\PokerStars
2013-01-09 16:41 . 2013-01-11 14:51 -------- d-----w- C:\SG Interactive
2013-01-09 14:21 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 14:21 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 14:21 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 14:21 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 14:21 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 14:21 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 14:20 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 14:20 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 14:20 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 14:20 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 13:59 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 13:58 . 2012-11-30 05:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 04:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 04:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 04:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 02:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-09 13:58 . 2012-11-30 02:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-09 13:58 . 2012-11-30 02:38 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 02:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 02:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 13:58 . 2012-11-30 02:44 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-09 13:58 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 13:58 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 17:29 . 2013-01-31 19:43 -------- d-----w- c:\users\David\AppData\Roaming\TS3Client
2013-01-08 16:11 . 2013-01-08 16:11 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-27 15:55 . 2012-09-29 15:37 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-27 15:55 . 2012-04-03 22:17 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-27 10:02 . 2012-04-03 22:17 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-27 07:38 . 2012-04-03 22:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-01-24 14:01 . 2012-08-27 07:59 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-01-17 14:39 . 2012-03-26 17:38 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-01-09 20:12 . 2012-05-12 09:41 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 14:37 . 2012-04-06 19:25 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 14:37 . 2011-10-14 03:49 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-21 19:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 19:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:40 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-04 19:30 . 2012-12-04 19:30 555836 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-11-30 04:45 . 2013-01-09 13:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 08:30 . 2012-11-28 08:33 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C793182C-B47A-43A7-AEB3-6FEFC27EEC02}\gapaengine.dll
2012-11-17 09:54 . 2012-11-28 08:33 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-14 07:06 . 2012-12-12 15:33 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 15:33 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 15:34 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 15:34 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 15:34 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 15:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 15:34 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 15:34 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 15:34 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 15:34 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 15:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 15:34 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 15:34 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 15:34 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 15:34 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 15:34 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 15:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 15:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 15:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 15:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 15:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 14:04 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 14:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-06 00:20 . 2012-11-06 00:20 92624 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2012-11-06 00:20 . 2012-11-06 00:20 92616 ----a-w- c:\windows\SysWow64\mfcm110.dll
2012-11-06 00:20 . 2012-11-06 00:20 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-06 00:20 . 2012-11-06 00:20 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2012-11-06 00:20 . 2012-11-06 00:20 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2012-11-06 00:20 . 2012-11-06 00:20 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2012-11-06 00:20 . 2012-11-06 00:20 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2012-11-06 00:20 . 2012-11-06 00:20 70624 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2012-11-06 00:20 . 2012-11-06 00:20 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2012-11-06 00:20 . 2012-11-06 00:20 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2012-11-06 00:20 . 2012-11-06 00:20 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-06 00:20 . 2012-11-06 00:20 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2012-11-06 00:20 . 2012-11-06 00:20 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-11-06 00:20 . 2012-11-06 00:20 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-11-06 00:20 . 2012-11-06 00:20 4456904 ----a-w- c:\windows\SysWow64\mfc110u.dll
2012-11-06 00:20 . 2012-11-06 00:20 4421080 ----a-w- c:\windows\SysWow64\mfc110.dll
2012-11-06 00:20 . 2012-11-06 00:20 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-11-06 00:20 . 2012-11-06 00:20 252400 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-11-06 00:20 . 2012-11-06 00:20 125904 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-11-06 00:20 . 2012-11-06 00:20 168920 ----a-w- c:\windows\SysWow64\atl110.dll
2005-08-24 22:10 174592 --sha-w- c:\windows\SysWOW64\ncfpsys.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 tcpredir;tcpredir;c:\program files (x86)\iPig\Client\tcpredir.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-17 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-17 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-17 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-09-17 517280]
R3 DFX11_0;DFX Audio Enhancer 11;c:\windows\system32\drivers\dfx11_0x64.sys [2012-08-16 28008]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys [2012-08-29 28008]
R3 dump_wmimmc;dump_wmimmc;c:\9dragons\GameGuard\dump_wmimmc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-05 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-16 28992]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-04 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-06-01 41224]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-15 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-15 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-15 62776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 19:43 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6apsrxv6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{09152F0B-739C-4DEC-A245-1AA8A37594F1} - (no file)
AddRemove-AVG Secure Search - c:\program files (x86)\AVG Secure Search\UNINSTALL.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-02-02 11:53:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-02 10:53
.
Před spuštěním: Volných bajtů: 553 531 338 752
Po spuštění: Volných bajtů: 552 802 615 296
.
- - End Of File - - 27D7F46CC2C00DF8F8DEDB856D1802E8

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around here =o)
Gender: Male
Status:
Offline

Re: Check

Post by Orcus » 03 Feb 2013 10:41

ComboFix is uninstalled like this:
Start > Run, then enter ComboFix /Uninstall

====================================================

Clean the system with CCleaner

====================================================

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

How is the PC behaving?
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If a log is too long, split it into several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Sirek
newbie
Posts: 34
Registered: January 13
Gender: Male
Status:
Offline

Re: Check

Post by Sirek » 03 Feb 2013 14:07

Sorry, but unfortunately nothing has changed .. :(

