Hello,
please check my log, my PC is infected: ads keep popping up in the browser and even in Steam. I followed the guide here on the site, "Standard procedure for cleaning an infected PC" (Standardní postup při čištění napadeného PC). Programs I tried that did not solve the problem: Spybot, Avast (it reports that my router is misconfigured and can easily be broken into; I understood about half of the guide), Malwarebytes, AdwCleaner. I also used to get the police virus in Chrome, but after a Malwarebytes scan it disappeared; in Opera only ads and porn sites show up. It also shows up on the notebooks at our home, and even after restarting the router the problem is not fixed, so I think it spreads from computer to computer.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:38:23, on 23.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Programy\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Hry\steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Programy na hry\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Hry\steam\bin\steamwebhelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Travnicek\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\Programy na hry\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Hry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [HS TOOL] "C:\Program Files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" -auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Programy\SandBoxie\SbieCtrl.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1424709242
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~4\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O2 Internet. OUC (O2 Internet. RunOuc) - Unknown owner - C:\Program Files (x86)\O2 Internet\UpdateDog\ouc.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Programy na hry\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Programy\SandBoxie\SbieSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10925 bytes
Thanks in advance for the help
Siola
Infected PC
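A triage pass over the HijackThis log in the post above, as an added example; it is not part of the original post and not code from HijackThis or any other tool named in the thread. HijackThis only lists autoruns and services, it does not judge them, so the useful first filter is where each binary lives and whether the service has a publisher. The script parses O4 (Run keys) and O23 (services) lines, skips entries HJT marks "(file missing)" (HijackThis 2.0.5 is a 32-bit program, and on 64-bit Windows WOW64 redirection makes it report many genuine System32 services as missing, which is noise rather than a finding), and flags binaries under user-writable directories or services listed with "Unknown owner". The excerpt is constructed from lines of the log above; the directory list and the flagging rules are my assumptions, and a hit means "look at this", not "malware": the same heuristic is what RogueKiller later reports in the thread as Suspicious.Path for the C:\ProgramData\DatacardService binaries.

```python
import re
from typing import Dict, List

# Constructed excerpt of the HijackThis log posted above (O4 autoruns and O23 services
# only); the full log has many more entries and the same parser handles them.
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\Programy na hry\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [HS TOOL] "C:\Program Files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" -auto
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Programy\SandBoxie\SbieCtrl.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1424709242
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: O2 Internet. OUC (O2 Internet. RunOuc) - Unknown owner - C:\Program Files (x86)\O2 Internet\UpdateDog\ouc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Assumption: directories an unprivileged user can write to. A service or autorun
# living here is worth a second look whatever it calls itself.
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\")

# O4 - <hive>\..\Run: [Name] "C:\path\prog.exe" args   (quotes optional, args optional)
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] "?(?P<path>.+?\.exe)"?', re.IGNORECASE)
MISSING = " (file missing)"


def parse_hjt(text: str) -> List[Dict[str, object]]:
    """Turn O4/O23 lines into dicts with section, name, path, owner and a missing flag."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("O4 - "):
            m = O4_RE.match(line)
            if m:  # RunOnce entries like "[Adobe Speed Launcher] 1424709242" carry no binary
                entries.append({"section": "O4", "name": m.group("name"), "path": m.group("path"),
                                "owner": m.group("hive"), "missing": False})
        elif line.startswith("O23 - Service: "):
            # "O23 - Service: <name> - <owner> - <path>[ (file missing)]"; split from the right
            # because service display names may themselves contain " - ".
            parts = line.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            head, owner, path = parts
            missing = path.endswith(MISSING)
            entries.append({"section": "O23", "name": head[len("O23 - Service: "):], "owner": owner,
                            "path": path[: -len(MISSING)] if missing else path, "missing": missing})
    return entries


def triage(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return the entries that deserve a closer look, each with the reasons it was flagged."""
    findings: List[Dict[str, object]] = []
    for e in entries:
        if e["missing"]:
            # HijackThis 2.0.5 is 32-bit; on 64-bit Windows it reports many genuine
            # System32 services as "(file missing)" because of WOW64 redirection. Noise.
            continue
        reasons = []
        if any(marker in str(e["path"]).lower() for marker in USER_WRITABLE_MARKERS):
            reasons.append("binary in user-writable directory")
        if e["section"] == "O23" and e["owner"] == "Unknown owner":
            reasons.append("service binary has no publisher information")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def flagged_paths(text: str) -> List[str]:
    """Convenience wrapper: sorted paths of the flagged entries for the given log text."""
    return sorted(str(f["path"]) for f in triage(parse_hjt(text)))


if __name__ == "__main__":
    for f in triage(parse_hjt(HJT_EXCERPT)):
        print(f"{f['section']:<4} {f['name']:<45} {f['path']}\n      -> {'; '.join(f['reasons'])}")
```

Run against the excerpt it reports the two DatacardService/O2 entries and PnkBstrA and stays quiet about Avast, Sandboxie, PowerISO and the missing-file ALG service; the next step for each hit is the file's digital signature and its hash on VirusTotal, not deletion.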
jaro3 (Security team member)
Re: Infected PC
Uninstall:
Spybot - Search & Destroy 2

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers are Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
Then the PC should restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking and click "Scan".
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its whole contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now
- when the scan finishes, a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Siola
Re: Infected PC
ATF Cleaner told me it had nothing to delete, so I ran CCleaner instead, and then it occurred to me whether the cause might be that I have two Operas, the newest Opera Stable 27.0....... and Opera 12.15 and 17, but I don't know which of the older ones I use.
AdwCleaner
# AdwCleaner v4.109 - Report created 23/02/2015 at 10:07:26
# Updated 24/01/2015 by Xplode
# Database : 2015-02-18.3 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Travnicek - TRAVNICEK-PC
# Running from : C:\Users\Travnicek\Desktop\adwcleaner_4.109.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Users\Travnicek\AppData\Local\DriverToolkit
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\DriverToolkit
Key Found : [x64] HKCU\Software\DriverToolkit
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Google Chrome v40.0.2214.115
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [8871 octets] - [05/02/2015 20:48:03]
AdwCleaner[R1].txt - [856 octets] - [23/02/2015 10:07:26]
AdwCleaner[S0].txt - [8830 octets] - [05/02/2015 20:52:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [975 octets] ##########
# AdwCleaner v4.109 - Report created 24/02/2015 at 15:07:33
# Updated 24/01/2015 by Xplode
# Database : 2015-02-18.3 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Travnicek - TRAVNICEK-PC
# Running from : C:\Users\Travnicek\Desktop\adwcleaner_4.109.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\DriverToolkit
Key Found : [x64] HKCU\Software\DriverToolkit
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Google Chrome v40.0.2214.115
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [8871 octets] - [05/02/2015 20:48:03]
AdwCleaner[R1].txt - [1851 octets] - [23/02/2015 10:07:26]
AdwCleaner[S0].txt - [8830 octets] - [05/02/2015 20:52:05]
AdwCleaner[S1].txt - [1076 octets] - [23/02/2015 10:14:35]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2031 octets] ##########
Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24.2.2015
Scan Time: 15:15:22
Logfile: MB.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.24.03
Rootkit Database: v2015.02.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Travnicek
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373350
Time Elapsed: 9 min, 33 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
jaro3 (Security team member)
Re: Infected PC
Two different Operas are not a problem.

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".
The program performs the repair; after the automatic restart it shows a log (C:\AdwCleaner [S?].txt); paste its whole contents here.

Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be asked to press any key to continue. Press one.
The program's scan begins. The scan may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) appears, saved on the desktop.
Please paste its whole contents here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP by double-clicking.
- wait until the Prescan (search for malicious processes) finishes.
- Check that you have ticked:
MBR check
Offline Reg
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan click "Report" and copy the whole contents of the log here.
If the program is blocked, try running it several times. If the program still cannot be run and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Siola
Re: Infected PC
# AdwCleaner v4.111 - Logfile created 24/02/2015 at 20:42:16
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Travnicek - TRAVNICEK-PC
# Running from : C:\Users\Travnicek\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\DriverToolkit
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Google Chrome v40.0.2214.115
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [874 bytes] - [24/02/2015 20:35:57]
AdwCleaner[S0].txt - [757 bytes] - [24/02/2015 20:42:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [815 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Travnicek on Tue 24.02.2015 at 20:49:53,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 24.02.2015 at 20:56:15,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating system : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started : Normal mode
User : Travnicek [Administrator rights]
Mode : Scan -- Date : 02/24/2015 21:05:30
¤¤¤ Processes : 4 ¤¤¤
[Suspicious.Path] HWDeviceService64.exe(1408) -- C:\ProgramData\DatacardService\HWDeviceService64.exe[7] -> Killed [TermProc]
[Suspicious.Path] DCSHelper.exe(1844) -- C:\ProgramData\DatacardService\DCSHelper.exe[7] -> Killed [TermProc]
[Tr.Zeus] mbamservice.exe(2284) -- C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamservice.exe[7] -> Killed [TermProc]
[Suspicious.Path] ouc.exe(3932) -- C:\ProgramData\O2 Internet\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
¤¤¤ Registry : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\{9E92F928-2813-4154-948F-AB262CAB58D7} -- C:\Users\Travnicek\Desktop\PaintToolSAI\sai.exe -> Found
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 3d1049821a8f5850163c504e0245b36d
[BSP] 5146d2dcec573080627944e802b22ca1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ADATA SSD S396 30GB ATA Device +++++
--- User ---
[MBR] 9a66d23731b2865859f68b2502188601
[BSP] 6931236ea13701452be9f78f6b23f07a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 30531 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive3: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive4: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive5: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Travnicek - TRAVNICEK-PC
# Running from : C:\Users\Travnicek\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\DriverToolkit
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Google Chrome v40.0.2214.115
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [874 bytes] - [24/02/2015 20:35:57]
AdwCleaner[S0].txt - [757 bytes] - [24/02/2015 20:42:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [815 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Travnicek on Tue 24.02.2015 at 20:49:53,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 24.02.2015 at 20:56:15,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating system : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started : Normal mode
User : Travnicek [Administrator rights]
Mode : Scan -- Date : 02/24/2015 21:05:30
¤¤¤ Processes : 4 ¤¤¤
[Suspicious.Path] HWDeviceService64.exe(1408) -- C:\ProgramData\DatacardService\HWDeviceService64.exe[7] -> Stopped [TermProc]
[Suspicious.Path] DCSHelper.exe(1844) -- C:\ProgramData\DatacardService\DCSHelper.exe[7] -> Stopped [TermProc]
[Tr.Zeus] mbamservice.exe(2284) -- C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamservice.exe[7] -> Stopped [TermProc]
[Suspicious.Path] ouc.exe(3932) -- C:\ProgramData\O2 Internet\OnlineUpdate\ouc.exe[7] -> Stopped [TermProc]
¤¤¤ Registry : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\{9E92F928-2813-4154-948F-AB262CAB58D7} -- C:\Users\Travnicek\Desktop\PaintToolSAI\sai.exe -> Found
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS file : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 3d1049821a8f5850163c504e0245b36d
[BSP] 5146d2dcec573080627944e802b22ca1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ADATA SSD S396 30GB ATA Device +++++
--- User ---
[MBR] 9a66d23731b2865859f68b2502188601
[BSP] 6931236ea13701452be9f78f6b23f07a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 30531 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive3: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive4: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive5: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Infected PC
Close all programs and browsers. Deactivate the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external disks from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click it to start).
- Wait until the Prescan finishes...
- Then click "Scan"; when it finishes:
- In the tabs (Registry, Tasks, Web Browser etc.) tick everything (put check marks)
(you have to put a check mark in the little box to the left of the registry entry etc.)
- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off the antivirus
Download
Zoek.exe
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8 right-click it and choose "Run as administrator").
- Note that the program may take a while to start.
Paste the script below into the program window:
Code:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will scan and repair; both the scan and the repair may take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.
Turn off the resident protection of the antivirus and antispyware, and the firewall if any.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them with the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its whole contents here
If there are problems, run it in Safe Mode.
Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not appear, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during startup and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
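The entries worth a second look in the scan above are the [PUM.Dns] ones: DhcpNameServer is written by the DHCP client from the lease it received, so the 195.238.181.164 and 64.120.57.239 values came from whatever answered DHCP on the home network, and a registry fix on one PC ("Replaced ()" in RogueKiller) only holds until the next lease renewal unless that DHCP source, normally the router, is corrected. That would also be consistent with the original poster's report that every laptop in the house shows the same symptoms and with Avast's router warning. The following is an added example, not code from the thread or from Adlice/RogueKiller: a small Python script that pulls the resolver addresses out of [PUM.Dns] lines like the ones posted, flags any resolver that is neither a private (LAN) address nor on an allow-list, and on Windows can read the same registry values live. The sample lines are copied from the log above, the allow-list (Google Public DNS) is an assumption for the example, and the function names are the example's own.

```python
"""Flag unexpected DHCP-assigned DNS resolvers in RogueKiller [PUM.Dns] lines.

Added example for this thread; not part of RogueKiller or of the original posts.
"""
import re
import sys
import ipaddress

# Constructed sample input: three [PUM.Dns] lines copied from the RogueKiller
# scan in the thread, plus one unrelated line to show that it is ignored.
SAMPLE_LOG = """\
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\\S-1-5-21-3459949777-1150606491-3500883377-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced | Start_ShowMyGames : 0 -> Found
"""

# Assumption for the example: the household uses Google Public DNS.  A home
# router normally hands out its own private address as resolver, so any
# RFC 1918 address is accepted as well (see is_trusted).
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Matches "[PUM.Dns] (X64) <registry key> | DhcpNameServer : <ip> <ip> ..."
PUM_DNS = re.compile(
    r"^\[PUM\.Dns\]\s+\(X(?:64|86)\)\s+(?P<key>\S+)\s*\|\s*"
    r"(?P<value>DhcpNameServer|NameServer)\s*:\s*(?P<servers>[0-9.]+(?:\s+[0-9.]+)*)"
)


def parse_pum_dns(text):
    """Return (registry_key, value_name, [servers]) for every [PUM.Dns] line."""
    found = []
    for line in text.splitlines():
        m = PUM_DNS.match(line)
        if m:
            found.append((m.group("key"), m.group("value"), m.group("servers").split()))
    return found


def is_trusted(server, trusted=TRUSTED_RESOLVERS):
    """A resolver is trusted if it is allow-listed or a private (LAN) address."""
    if server in trusted:
        return True
    try:
        return ipaddress.ip_address(server).is_private
    except ValueError:
        return False


def unexpected_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Map each registry key to the resolvers in it that are not trusted.

    DhcpNameServer is filled in by the DHCP client from the lease, so an
    untrusted value here came from the DHCP server on the LAN (normally the
    router) and will come back at the next renewal unless that device is fixed.
    """
    report = {}
    for key, _value, servers in parse_pum_dns(text):
        bad = [s for s in servers if not is_trusted(s, trusted)]
        if bad:
            report[key] = bad
    return report


def rogue_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Distinct untrusted resolvers, regardless of which control set listed them."""
    return sorted({s for bad in unexpected_resolvers(text, trusted).values() for s in bad})


def read_live_dhcp_nameservers():
    """Windows only: read DhcpNameServer/NameServer for every interface straight
    from the registry, the same keys RogueKiller reports.  Returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # only available on Windows
    base = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            guid = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, guid) as k:
                for name in ("DhcpNameServer", "NameServer"):
                    try:
                        val, _ = winreg.QueryValueEx(k, name)
                    except FileNotFoundError:
                        continue
                    if val:
                        # static NameServer values are comma separated, DHCP ones space separated
                        out.append((guid, name, val.replace(",", " ").split()))
    return out


if __name__ == "__main__":
    for key, bad in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"{key}: untrusted resolver(s) {bad}")
    for guid, name, servers in read_live_dhcp_nameservers():
        bad = [s for s in servers if not is_trusted(s)]
        if bad:
            print(f"live {name} on interface {guid}: untrusted resolver(s) {bad}")
```

Run it on the posted log and both primaries (195.238.181.164 and 64.120.57.239) are reported while 8.8.8.8 passes; run it on the affected Windows machine and the live check reads the interface keys directly. If the live values keep coming back after a RogueKiller fix and a lease renewal (ipconfig /release followed by ipconfig /renew), the resolver is being handed out by the DHCP server on the LAN, and the router's DNS and admin settings are what to check next rather than the PCs.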
- Level 1.5
- Posts: 118
- Registered: January 10
Re: Infected PC
RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating system : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started : Normal mode
User : Travnicek [Administrator rights]
Mode : Delete -- Date : 02/26/2015 00:12:58
¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] HWDeviceService64.exe(1240) -- C:\ProgramData\DatacardService\HWDeviceService64.exe[7] -> Stopped [TermProc]
[Suspicious.Path] ouc.exe(2416) -- C:\ProgramData\O2 Internet\OnlineUpdate\ouc.exe[7] -> Stopped [TermProc]
[Suspicious.Path] DCSHelper.exe(4016) -- C:\ProgramData\DatacardService\DCSHelper.exe[7] -> Stopped [TermProc]
¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HWDeviceService64.exe -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HWDeviceService64.exe -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HWDeviceService64.exe -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HWDeviceService64.exe -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xhunter1 -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Replaced ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\{9E92F928-2813-4154-948F-AB262CAB58D7} -- C:\Users\Travnicek\Desktop\PaintToolSAI\sai.exe -> Deleted
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS file : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 3d1049821a8f5850163c504e0245b36d
[BSP] 5146d2dcec573080627944e802b22ca1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ADATA SSD S396 30GB ATA Device +++++
--- User ---
[MBR] 9a66d23731b2865859f68b2502188601
[BSP] 6931236ea13701452be9f78f6b23f07a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 30531 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive3: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive4: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
+++++ PhysicalDrive5: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )
============================================
RKreport_SCN_02242015_210530.log - RKreport_SCN_02262015_001105.log
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Travnicek on Thu 26.02.2015 at 14:51:34,34.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Travnicek\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26.2.2015 14:58:24 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~4\AGEIA Technologies deleted successfully
C:\Program Files\Catche instalatory origin deleted successfully
C:\PRB5D9~1\LumaEmu_SteamCloud deleted successfully
C:\Users\Travnicek\AppData\Roaming\Mozilla deleted successfully
C:\Users\Travnicek\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Travnicek\AppData\Local\DCS deleted successfully
C:\Users\Travnicek\AppData\Local\WarThunder deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~4\AGEIA Technologies not found
C:\PROGRA~4\COMMON~1\DVDVideoSoft\bin deleted
C:\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_cs.exe deleted
C:\install.exe deleted
C:\PRB5D9~1\Avg_Update_0414c deleted
C:\PRB5D9~1\Avg_Update_0814tb deleted
C:\PRB5D9~1\Avg_Update_1114tb deleted
C:\PRB5D9~1\Avg_Update_1214tb deleted
C:\PRB5D9~1\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Travnicek\AppData\Local\LumaEmu" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [23.02.2015 14:07]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [08.10.2014 19:07]
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[23.02.2015 13:36]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fkkcgfbgohboipdhliafmacjnhjbhmim - No path found[]
Avast Online Security - Travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Travnicek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Travnicek\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Travnicek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Travnicek\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Travnicek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Travnicek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Travnicek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=187 folders=56 179950074 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Travnicek\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\TRAVNI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Thu 26.02.2015 at 15:37:59,93 ======================
ComboFix 15-02-16.01 - Travnicek 26.02.2015 15:47:11.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4093.2592 [GMT 1:00]
Run from: c:\users\Travnicek\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files created from 2015-01-26 to 2015-02-26 )))))))))))))))))))))))))))))))
.
.
2015-02-26 14:56 . 2015-02-26 14:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-26 14:56 . 2015-02-26 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-26 14:49 . 2015-02-26 14:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6E1A735-923C-498F-B7AA-BC1C86506A15}\offreg.dll
2015-02-26 14:13 . 2015-02-26 14:56 -------- d-----w- c:\users\Travnicek\AppData\Local\Temp
2015-02-26 14:13 . 2015-02-26 13:51 24064 ----a-w- c:\windows\zoek-delete.exe
2015-02-26 10:57 . 2015-02-26 10:57 -------- d-----w- c:\users\Travnicek\AppData\Local\CrashDumps
2015-02-25 23:17 . 2015-02-26 14:10 -------- d-----w- C:\zoek_backup
2015-02-25 19:25 . 2015-02-25 19:25 -------- d-----w- c:\users\Travnicek\AppData\Local\Adobe
2015-02-24 20:37 . 2015-02-24 20:37 -------- d-----w- c:\users\Travnicek\AppData\Local\Apps
2015-02-24 19:59 . 2015-02-25 23:04 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-24 19:58 . 2015-02-24 19:58 -------- d-----w- c:\programdata\RogueKiller
2015-02-24 19:35 . 2015-02-24 19:42 -------- d-----w- C:\AdwCleaner
2015-02-24 18:14 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6E1A735-923C-498F-B7AA-BC1C86506A15}\mpengine.dll
2015-02-23 12:37 . 2015-02-23 12:37 -------- d-----w- c:\users\Travnicek\AppData\Roaming\AVAST Software
2015-02-23 12:36 . 2015-02-23 12:36 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-02-23 12:36 . 2015-02-23 12:36 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-23 12:36 . 2015-02-23 12:36 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-23 12:36 . 2015-02-23 12:36 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-23 12:36 . 2015-02-23 12:37 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-23 12:36 . 2015-02-23 12:36 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-23 12:36 . 2015-02-23 12:36 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-23 12:36 . 2015-02-23 12:37 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-23 12:36 . 2015-02-23 12:36 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-23 12:36 . 2015-02-23 12:36 43152 ----a-w- c:\windows\avastSS.scr
2015-02-23 12:32 . 2015-02-23 12:32 -------- d-----w- c:\program files\AVAST Software
2015-02-23 12:30 . 2015-02-23 12:32 -------- d-----w- c:\programdata\AVAST Software
2015-02-23 09:52 . 2015-02-26 14:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-23 09:52 . 2015-02-23 09:52 -------- d-----w- c:\programdata\Malwarebytes
2015-02-23 09:52 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-23 09:52 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-23 09:52 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-23 09:48 . 2013-04-05 17:59 963488 ----a-w- c:\windows\system32\deployJava1.dll
2015-02-23 09:48 . 2013-04-05 17:59 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2015-02-23 09:48 . 2015-02-23 09:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-19 15:33 . 2015-02-19 15:33 -------- d-----w- c:\users\Travnicek\AppData\Local\Steam
2015-02-13 17:37 . 2015-02-13 17:37 -------- d-----r- C:\Sandbox
2015-02-12 15:07 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 15:07 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 16:10 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-11 16:09 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 16:07 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 16:07 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 16:07 . 2014-07-07 02:07 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-11 16:07 . 2014-07-07 02:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-11 16:07 . 2014-07-07 01:40 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-11 16:07 . 2014-07-07 01:40 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-02-11 16:06 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 16:06 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 16:06 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-02-11 16:02 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 16:02 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 16:02 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 16:02 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 16:02 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 16:02 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 16:02 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 15:52 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-04 16:18 . 2015-02-24 13:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-02-04 16:18 . 2015-02-24 13:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-01-30 17:39 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2015-01-30 17:23 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2015-01-30 17:23 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2015-01-30 17:23 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2015-01-30 17:23 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2015-01-30 17:23 . 2015-01-30 17:23 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2015-01-30 17:23 . 2015-01-30 17:23 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-23 09:47 . 2013-04-05 17:59 319912 ----a-w- c:\windows\system32\javaws.exe
2015-02-23 09:47 . 2013-04-05 17:59 191400 ----a-w- c:\windows\system32\javaw.exe
2015-02-23 09:47 . 2013-04-05 17:59 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-23 09:47 . 2013-04-05 17:59 190888 ----a-w- c:\windows\system32\java.exe
2015-02-23 09:46 . 2014-10-20 18:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-11 21:50 . 2013-04-14 08:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 16:54 . 2013-04-05 19:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:54 . 2013-04-05 19:32 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 19:53 . 2013-04-06 16:48 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-31 19:53 . 2013-04-06 14:14 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-12-31 19:53 . 2013-04-06 14:14 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-12-22 23:41 . 2013-04-04 15:34 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 13:43 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 13:43 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-17 15:41 . 2014-06-18 09:30 182304 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-12-11 17:47 . 2015-01-14 13:43 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 13:43 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 13:43 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 13:43 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Hry\steam\steam.exe" [2015-02-18 2874048]
"HS TOOL"="c:\program files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" [2014-05-05 881864]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"SandboxieControl"="c:\program files\Programy\SandBoxie\SbieCtrl.exe" [2014-10-14 784904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\Programy na hry\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-23 5227112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 O2 Internet. RunOuc;O2 Internet. OUC;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files\Programy na hry\Origin\OriginClientService.exe;c:\program files\Programy na hry\Origin\OriginClientService.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-23 15:37 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 16:54]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 13:08]
.
2015-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 13:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-23 12:36 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-d8be6c3f847d7d92 - c:\users\Travnicek\AppData\Local\Apps\2.0\YJDE22GX.8VG\M7C9EOQK.YRY\laun...app_59711684aa47878d_0001.0022_dbc7638856abd3d0\Uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-02-26 15:59:26
ComboFix-quarantined-files.txt 2015-02-26 14:59
.
Před spuštěním: Volných bajtů: 1 113 926 332 416
Po spuštění: Volných bajtů: 1 113 352 916 992
.
- - End Of File - - A6C63D3F00C3B3EDDCB5E330C1BFBD6D
A36C5E4F47E84449FF07ED3517B43A31
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Travnicek [Práva správce]
Mód : Smazat -- Datum : 02/26/2015 00:12:58
¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path] HWDeviceService64.exe(1240) -- C:\ProgramData\DatacardService\HWDeviceService64.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] ouc.exe(2416) -- C:\ProgramData\O2 Internet\OnlineUpdate\ouc.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] DCSHelper.exe(4016) -- C:\ProgramData\DatacardService\DCSHelper.exe[7] -> Zastaveno [TermProc]
¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HWDeviceService64.exe -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HWDeviceService64.exe -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HWDeviceService64.exe -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HWDeviceService64.exe -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xhunter1 -> Smazáno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 64.120.57.239 8.8.8.8 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{51EACC9C-1A84-467F-86DF-D393983ECE21} | DhcpNameServer : 195.238.181.164 8.8.8.8 [UNITED KINGDOM (GB)] -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \\{9E92F928-2813-4154-948F-AB262CAB58D7} -- C:\Users\Travnicek\Desktop\PaintToolSAI\sai.exe -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 3d1049821a8f5850163c504e0245b36d
[BSP] 5146d2dcec573080627944e802b22ca1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ADATA SSD S396 30GB ATA Device +++++
--- User ---
[MBR] 9a66d23731b2865859f68b2502188601
[BSP] 6931236ea13701452be9f78f6b23f07a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 30531 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
+++++ PhysicalDrive3: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
+++++ PhysicalDrive4: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
+++++ PhysicalDrive5: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Zařízení není připraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Požadavek není podporován. )
============================================
RKreport_SCN_02242015_210530.log - RKreport_SCN_02262015_001105.log
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Travnicek on čt 26.02.2015 at 14:51:34,34.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Travnicek\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26.2.2015 14:58:24 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~4\AGEIA Technologies deleted successfully
C:\Program Files\Catche instalatory origin deleted successfully
C:\PRB5D9~1\LumaEmu_SteamCloud deleted successfully
C:\Users\Travnicek\AppData\Roaming\Mozilla deleted successfully
C:\Users\Travnicek\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Travnicek\AppData\Local\DCS deleted successfully
C:\Users\Travnicek\AppData\Local\WarThunder deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3459949777-1150606491-3500883377-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~4\AGEIA Technologies not found
C:\PROGRA~4\COMMON~1\DVDVideoSoft\bin deleted
C:\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_cs.exe deleted
C:\install.exe deleted
C:\PRB5D9~1\Avg_Update_0414c deleted
C:\PRB5D9~1\Avg_Update_0814tb deleted
C:\PRB5D9~1\Avg_Update_1114tb deleted
C:\PRB5D9~1\Avg_Update_1214tb deleted
C:\PRB5D9~1\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Travnicek\AppData\Local\LumaEmu" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [23.02.2015 14:07]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [08.10.2014 19:07]
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[23.02.2015 13:36]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fkkcgfbgohboipdhliafmacjnhjbhmim - No path found[]
Avast Online Security - Travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Travnicek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Travnicek\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Travnicek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Travnicek\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Travnicek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Travnicek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Travnicek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=187 folders=56 179950074 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Travnicek\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\TRAVNI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on čt 26.02.2015 at 15:37:59,93 ======================
2015-02-23 12:30 . 2015-02-23 12:32 -------- d-----w- c:\programdata\AVAST Software
2015-02-23 09:52 . 2015-02-26 14:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-23 09:52 . 2015-02-23 09:52 -------- d-----w- c:\programdata\Malwarebytes
2015-02-23 09:52 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-23 09:52 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-23 09:52 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-23 09:48 . 2013-04-05 17:59 963488 ----a-w- c:\windows\system32\deployJava1.dll
2015-02-23 09:48 . 2013-04-05 17:59 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2015-02-23 09:48 . 2015-02-23 09:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-19 15:33 . 2015-02-19 15:33 -------- d-----w- c:\users\Travnicek\AppData\Local\Steam
2015-02-13 17:37 . 2015-02-13 17:37 -------- d-----r- C:\Sandbox
2015-02-12 15:07 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 15:07 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 16:10 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-11 16:09 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 16:07 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 16:07 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 16:07 . 2014-07-07 02:07 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-11 16:07 . 2014-07-07 02:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-11 16:07 . 2014-07-07 01:40 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-11 16:07 . 2014-07-07 01:40 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-02-11 16:06 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 16:06 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 16:06 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-02-11 16:02 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 16:02 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 16:02 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 16:02 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 16:02 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 16:02 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 16:02 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 15:52 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-04 16:18 . 2015-02-24 13:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-02-04 16:18 . 2015-02-24 13:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-01-30 17:39 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2015-01-30 17:23 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2015-01-30 17:23 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2015-01-30 17:23 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2015-01-30 17:23 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2015-01-30 17:23 . 2015-01-30 17:23 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2015-01-30 17:23 . 2015-01-30 17:23 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-23 09:47 . 2013-04-05 17:59 319912 ----a-w- c:\windows\system32\javaws.exe
2015-02-23 09:47 . 2013-04-05 17:59 191400 ----a-w- c:\windows\system32\javaw.exe
2015-02-23 09:47 . 2013-04-05 17:59 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-23 09:47 . 2013-04-05 17:59 190888 ----a-w- c:\windows\system32\java.exe
2015-02-23 09:46 . 2014-10-20 18:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-11 21:50 . 2013-04-14 08:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 16:54 . 2013-04-05 19:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:54 . 2013-04-05 19:32 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 19:53 . 2013-04-06 16:48 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-31 19:53 . 2013-04-06 14:14 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-12-31 19:53 . 2013-04-06 14:14 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-12-22 23:41 . 2013-04-04 15:34 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 13:43 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 13:43 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-17 15:41 . 2014-06-18 09:30 182304 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-12-11 17:47 . 2015-01-14 13:43 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 13:43 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 13:43 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 13:43 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Hry\steam\steam.exe" [2015-02-18 2874048]
"HS TOOL"="c:\program files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" [2014-05-05 881864]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"SandboxieControl"="c:\program files\Programy\SandBoxie\SbieCtrl.exe" [2014-10-14 784904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\Programy na hry\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-23 5227112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 O2 Internet. RunOuc;O2 Internet. OUC;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files\Programy na hry\Origin\OriginClientService.exe;c:\program files\Programy na hry\Origin\OriginClientService.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-23 15:37 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 16:54]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 13:08]
.
2015-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 13:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-23 12:36 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-d8be6c3f847d7d92 - c:\users\Travnicek\AppData\Local\Apps\2.0\YJDE22GX.8VG\M7C9EOQK.YRY\laun...app_59711684aa47878d_0001.0022_dbc7638856abd3d0\Uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-02-26 15:59:26
ComboFix-quarantined-files.txt 2015-02-26 14:59
.
Před spuštěním: Volných bajtů: 1 113 926 332 416
Po spuštění: Volných bajtů: 1 113 352 916 992
.
- - End Of File - - A6C63D3F00C3B3EDDCB5E330C1BFBD6D
A36C5E4F47E84449FF07ED3517B43A31
jaro3 (Security team member)
Re: Infected PC
Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text highlighted in green into it:
Code:
ClearJavaCache::
File::
c:\windows\system32\drivers\avgtpx64.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy 2
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update
Driver::
SkypeUpdate
avgtp
DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during startup and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Infected PC
ComboFix 15-02-16.01 - Travnicek 26.02.2015 19:54:40.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4093.2686 [GMT 1:00]
Spuštěný z: c:\users\Travnicek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Travnicek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\avgtpx64.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.26.9\goopdate.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.26.9\psmachine.dll
c:\program files (x86)\Google\Update\1.3.26.9\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.26.9\psuser.dll
c:\program files (x86)\Google\Update\1.3.26.9\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_chrome_installer.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{55090C3F-83CB-40E7-BDB7-C9A982DE0D3F}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{D4CF9013-B4EE-4706-BF28-25DA8D6BB393}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{E08688BF-F241-4B7A-8196-843ED4CE5C6F}\40.0.2214.115_chrome_installer.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\program files (x86)\Spybot - Search & Destroy 2
c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe.log
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-nlx2.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Cleaning\150204-175600.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\150212-225256.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\150213-175342.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\150223-155840.xml
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Immunization.ini
c:\programdata\Spybot - Search & Destroy\Logs\150204-175600.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\150212-225256.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\150213-175342.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\150223-155840.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150204-1849.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150212-2319.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150213-1753.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150223-1645.txt
c:\programdata\Spybot - Search & Destroy\Logs\Immunization-Browsers.log
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-26 do 2015-02-26 )))))))))))))))))))))))))))))))
.
.
2015-02-26 19:04 . 2015-02-26 19:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-26 14:13 . 2015-02-26 19:07 -------- d-----w- c:\users\Travnicek\AppData\Local\Temp
2015-02-26 14:13 . 2015-02-26 13:51 24064 ----a-w- c:\windows\zoek-delete.exe
2015-02-26 10:57 . 2015-02-26 10:57 -------- d-----w- c:\users\Travnicek\AppData\Local\CrashDumps
2015-02-25 23:17 . 2015-02-26 14:10 -------- d-----w- C:\zoek_backup
2015-02-25 19:25 . 2015-02-25 19:25 -------- d-----w- c:\users\Travnicek\AppData\Local\Adobe
2015-02-24 20:37 . 2015-02-24 20:37 -------- d-----w- c:\users\Travnicek\AppData\Local\Apps
2015-02-24 19:59 . 2015-02-25 23:04 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-24 19:58 . 2015-02-24 19:58 -------- d-----w- c:\programdata\RogueKiller
2015-02-24 19:35 . 2015-02-24 19:42 -------- d-----w- C:\AdwCleaner
2015-02-24 18:14 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6E1A735-923C-498F-B7AA-BC1C86506A15}\mpengine.dll
2015-02-23 12:37 . 2015-02-23 12:37 -------- d-----w- c:\users\Travnicek\AppData\Roaming\AVAST Software
2015-02-23 12:36 . 2015-02-23 12:36 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-02-23 12:36 . 2015-02-23 12:36 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-23 12:36 . 2015-02-23 12:36 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-23 12:36 . 2015-02-23 12:36 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-23 12:36 . 2015-02-23 12:37 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-23 12:36 . 2015-02-23 12:36 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-23 12:36 . 2015-02-23 12:36 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-23 12:36 . 2015-02-23 12:37 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-23 12:36 . 2015-02-23 12:36 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-23 12:36 . 2015-02-23 12:36 43152 ----a-w- c:\windows\avastSS.scr
2015-02-23 12:32 . 2015-02-23 12:32 -------- d-----w- c:\program files\AVAST Software
2015-02-23 12:30 . 2015-02-23 12:32 -------- d-----w- c:\programdata\AVAST Software
2015-02-23 09:52 . 2015-02-26 19:07 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-23 09:52 . 2015-02-23 09:52 -------- d-----w- c:\programdata\Malwarebytes
2015-02-23 09:52 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-23 09:52 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-23 09:52 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-23 09:48 . 2013-04-05 17:59 963488 ----a-w- c:\windows\system32\deployJava1.dll
2015-02-23 09:48 . 2013-04-05 17:59 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2015-02-23 09:48 . 2015-02-23 09:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-19 15:33 . 2015-02-19 15:33 -------- d-----w- c:\users\Travnicek\AppData\Local\Steam
2015-02-13 17:37 . 2015-02-13 17:37 -------- d-----r- C:\Sandbox
2015-02-12 15:07 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 15:07 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 16:10 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-11 16:09 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 16:07 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 16:07 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 16:07 . 2014-07-07 02:07 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-11 16:07 . 2014-07-07 02:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-11 16:07 . 2014-07-07 01:40 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-11 16:07 . 2014-07-07 01:40 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-02-11 16:06 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 16:06 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 16:06 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-02-11 16:02 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 16:02 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 16:02 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 16:02 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 16:02 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 16:02 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 16:02 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 15:52 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-01-30 17:39 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2015-01-30 17:23 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2015-01-30 17:23 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2015-01-30 17:23 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2015-01-30 17:23 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2015-01-30 17:23 . 2015-01-30 17:23 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2015-01-30 17:23 . 2015-01-30 17:23 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-23 09:47 . 2013-04-05 17:59 319912 ----a-w- c:\windows\system32\javaws.exe
2015-02-23 09:47 . 2013-04-05 17:59 191400 ----a-w- c:\windows\system32\javaw.exe
2015-02-23 09:47 . 2013-04-05 17:59 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-23 09:47 . 2013-04-05 17:59 190888 ----a-w- c:\windows\system32\java.exe
2015-02-23 09:46 . 2014-10-20 18:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-11 21:50 . 2013-04-14 08:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 16:54 . 2013-04-05 19:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:54 . 2013-04-05 19:32 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 19:53 . 2013-04-06 16:48 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-31 19:53 . 2013-04-06 14:14 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-12-31 19:53 . 2013-04-06 14:14 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-12-22 23:41 . 2013-04-04 15:34 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 13:43 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 13:43 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-17 15:41 . 2014-06-18 09:30 182304 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-12-11 17:47 . 2015-01-14 13:43 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 13:43 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 13:43 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 13:43 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Hry\steam\steam.exe" [2015-02-18 2874048]
"HS TOOL"="c:\program files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" [2014-05-05 881864]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"SandboxieControl"="c:\program files\Programy\SandBoxie\SbieCtrl.exe" [2014-10-14 784904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\Programy na hry\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-23 5227112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 O2 Internet. RunOuc;O2 Internet. OUC;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files\Programy na hry\Origin\OriginClientService.exe;c:\program files\Programy na hry\Origin\OriginClientService.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 MBAMService;MBAMService;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-23 15:37 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 16:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-23 12:36 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\programdata\O2 Internet\OnlineUpdate\ouc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Programy\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Celkový čas: 2015-02-26 20:13:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-26 19:13
ComboFix2.txt 2015-02-26 14:59
.
Před spuštěním: Volných bajtů: 1 114 002 804 736
Po spuštění: Volných bajtů: 1 113 531 637 760
.
- - End Of File - - D352184C431403782245774FC68F932F
A36C5E4F47E84449FF07ED3517B43A31
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:17:50, on 26.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Travnicek\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\Programy na hry\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Hry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [HS TOOL] "C:\Program Files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" -auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Programy\SandBoxie\SbieCtrl.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~4\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O2 Internet. OUC (O2 Internet. RunOuc) - Unknown owner - C:\Program Files (x86)\O2 Internet\UpdateDog\ouc.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Programy na hry\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Programy\SandBoxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7986 bytes
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-02-26 20:19:33
-----------------------------
20:19:33.260 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:33.260 Number of processors: 4 586 0xA00
20:19:33.260 ComputerName: TRAVNICEK-PC UserName: Travnicek
20:19:34.477 Initialize success
20:19:34.539 VM: initialized successfully
20:19:34.539 VM: Amd CPU BiosDisabled
20:19:39.437 AVAST engine defs: 15022600
20:19:58.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:19:58.953 Disk 0 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
20:19:58.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
20:19:59.000 Disk 1 Vendor: ADATA_SSD_S396_30GB 3.3.2 Size: 30533MB BusType: 3
20:19:59.109 Disk 0 MBR read successfully
20:19:59.125 Disk 0 MBR scan
20:19:59.125 Disk 0 Windows 7 default MBR code
20:19:59.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907727 MB offset 2048
20:19:59.156 Disk 0 Boot: NTFS code=2
20:19:59.187 Disk 0 scanning C:\Windows\system32\drivers
20:20:09.140 Service scanning
20:20:26.549 Modules scanning
20:20:26.565 Disk 0 trace - called modules:
20:20:26.596 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:20:26.596 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a30060]
20:20:26.596 3 CLASSPNP.SYS[fffff880018fe43f] -> nt!IofCallDriver -> [0xfffffa80047dc520]
20:20:26.596 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047c6060]
20:20:27.704 AVAST engine scan C:\Windows
20:20:30.434 AVAST engine scan C:\Windows\system32
20:23:11.286 AVAST engine scan C:\Windows\system32\drivers
20:23:23.391 AVAST engine scan C:\Users\Travnicek
21:01:34.583 AVAST engine scan C:\ProgramData
21:03:16.467 Disk 0 statistics 6594388/0/0 @ 1,43 MB/s
21:03:16.482 Scan finished successfully
21:04:09.990 Disk 0 MBR has been saved successfully to "C:\Users\Travnicek\Desktop\MBR.dat"
21:04:10.006 The log file has been saved successfully to "C:\Users\Travnicek\Desktop\aswMBR 26.2.txt"
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4093.2686 [GMT 1:00]
Spuštěný z: c:\users\Travnicek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Travnicek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\avgtpx64.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.26.9\goopdate.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.26.9\psmachine.dll
c:\program files (x86)\Google\Update\1.3.26.9\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.26.9\psuser.dll
c:\program files (x86)\Google\Update\1.3.26.9\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_chrome_installer.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{55090C3F-83CB-40E7-BDB7-C9A982DE0D3F}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{D4CF9013-B4EE-4706-BF28-25DA8D6BB393}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{E08688BF-F241-4B7A-8196-843ED4CE5C6F}\40.0.2214.115_chrome_installer.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\program files (x86)\Spybot - Search & Destroy 2
c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe.log
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe
c:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-nlx2.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Cleaning\150204-175600.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\150212-225256.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\150213-175342.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\150223-155840.xml
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Immunization.ini
c:\programdata\Spybot - Search & Destroy\Logs\150204-175600.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\150212-225256.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\150213-175342.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\150223-155840.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150204-1849.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150212-2319.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150213-1753.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.150223-1645.txt
c:\programdata\Spybot - Search & Destroy\Logs\Immunization-Browsers.log
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-26 do 2015-02-26 )))))))))))))))))))))))))))))))
.
.
2015-02-26 19:04 . 2015-02-26 19:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-26 14:13 . 2015-02-26 19:07 -------- d-----w- c:\users\Travnicek\AppData\Local\Temp
2015-02-26 14:13 . 2015-02-26 13:51 24064 ----a-w- c:\windows\zoek-delete.exe
2015-02-26 10:57 . 2015-02-26 10:57 -------- d-----w- c:\users\Travnicek\AppData\Local\CrashDumps
2015-02-25 23:17 . 2015-02-26 14:10 -------- d-----w- C:\zoek_backup
2015-02-25 19:25 . 2015-02-25 19:25 -------- d-----w- c:\users\Travnicek\AppData\Local\Adobe
2015-02-24 20:37 . 2015-02-24 20:37 -------- d-----w- c:\users\Travnicek\AppData\Local\Apps
2015-02-24 19:59 . 2015-02-25 23:04 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-24 19:58 . 2015-02-24 19:58 -------- d-----w- c:\programdata\RogueKiller
2015-02-24 19:35 . 2015-02-24 19:42 -------- d-----w- C:\AdwCleaner
2015-02-24 18:14 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6E1A735-923C-498F-B7AA-BC1C86506A15}\mpengine.dll
2015-02-23 12:37 . 2015-02-23 12:37 -------- d-----w- c:\users\Travnicek\AppData\Roaming\AVAST Software
2015-02-23 12:36 . 2015-02-23 12:36 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-02-23 12:36 . 2015-02-23 12:36 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-23 12:36 . 2015-02-23 12:36 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-23 12:36 . 2015-02-23 12:36 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-23 12:36 . 2015-02-23 12:37 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-23 12:36 . 2015-02-23 12:36 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-23 12:36 . 2015-02-23 12:36 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-23 12:36 . 2015-02-23 12:37 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-23 12:36 . 2015-02-23 12:36 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-23 12:36 . 2015-02-23 12:36 43152 ----a-w- c:\windows\avastSS.scr
2015-02-23 12:32 . 2015-02-23 12:32 -------- d-----w- c:\program files\AVAST Software
2015-02-23 12:30 . 2015-02-23 12:32 -------- d-----w- c:\programdata\AVAST Software
2015-02-23 09:52 . 2015-02-26 19:07 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-23 09:52 . 2015-02-23 09:52 -------- d-----w- c:\programdata\Malwarebytes
2015-02-23 09:52 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-23 09:52 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-23 09:52 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-23 09:48 . 2013-04-05 17:59 963488 ----a-w- c:\windows\system32\deployJava1.dll
2015-02-23 09:48 . 2013-04-05 17:59 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2015-02-23 09:48 . 2015-02-23 09:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-19 15:33 . 2015-02-19 15:33 -------- d-----w- c:\users\Travnicek\AppData\Local\Steam
2015-02-13 17:37 . 2015-02-13 17:37 -------- d-----r- C:\Sandbox
2015-02-12 15:07 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 15:07 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 15:07 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 16:10 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-11 16:09 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 16:07 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 16:07 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 16:07 . 2014-07-07 02:07 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-11 16:07 . 2014-07-07 02:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-11 16:07 . 2014-07-07 01:40 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-11 16:07 . 2014-07-07 01:40 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-02-11 16:06 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 16:06 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 16:06 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-02-11 16:06 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-02-11 16:02 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 16:02 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 16:02 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 16:02 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 16:02 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 16:02 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 16:02 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 16:02 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 15:52 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-01-30 17:39 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2015-01-30 17:23 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2015-01-30 17:23 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2015-01-30 17:23 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2015-01-30 17:23 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2015-01-30 17:23 . 2015-01-30 17:23 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2015-01-30 17:23 . 2015-01-30 17:23 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-23 09:47 . 2013-04-05 17:59 319912 ----a-w- c:\windows\system32\javaws.exe
2015-02-23 09:47 . 2013-04-05 17:59 191400 ----a-w- c:\windows\system32\javaw.exe
2015-02-23 09:47 . 2013-04-05 17:59 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-23 09:47 . 2013-04-05 17:59 190888 ----a-w- c:\windows\system32\java.exe
2015-02-23 09:46 . 2014-10-20 18:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-11 21:50 . 2013-04-14 08:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 16:54 . 2013-04-05 19:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:54 . 2013-04-05 19:32 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 19:53 . 2013-04-06 16:48 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-31 19:53 . 2013-04-06 14:14 348928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-12-31 19:53 . 2013-04-06 14:14 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-12-22 23:41 . 2013-04-04 15:34 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 13:43 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 13:43 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-17 15:41 . 2014-06-18 09:30 182304 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-12-11 17:47 . 2015-01-14 13:43 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 13:43 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 13:43 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 13:43 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Hry\steam\steam.exe" [2015-02-18 2874048]
"HS TOOL"="c:\program files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" [2014-05-05 881864]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"SandboxieControl"="c:\program files\Programy\SandBoxie\SbieCtrl.exe" [2014-10-14 784904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\Programy na hry\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-23 5227112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 O2 Internet. RunOuc;O2 Internet. OUC;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe;c:\program files (x86)\O2 Internet\UpdateDog\ouc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files\Programy na hry\Origin\OriginClientService.exe;c:\program files\Programy na hry\Origin\OriginClientService.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 MBAMService;MBAMService;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files\Programy\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-23 15:37 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 16:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-23 12:36 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\programdata\O2 Internet\OnlineUpdate\ouc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Programy\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Celkový čas: 2015-02-26 20:13:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-26 19:13
ComboFix2.txt 2015-02-26 14:59
.
Před spuštěním: Volných bajtů: 1 114 002 804 736
Po spuštění: Volných bajtů: 1 113 531 637 760
.
- - End Of File - - D352184C431403782245774FC68F932F
A36C5E4F47E84449FF07ED3517B43A31
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:17:50, on 26.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Travnicek\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\Programy na hry\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Hry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [HS TOOL] "C:\Program Files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe" -auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Programy\SandBoxie\SbieCtrl.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~4\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Programy\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O2 Internet. OUC (O2 Internet. RunOuc) - Unknown owner - C:\Program Files (x86)\O2 Internet\UpdateDog\ouc.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Programy na hry\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Programy\SandBoxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7986 bytes
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-02-26 20:19:33
-----------------------------
20:19:33.260 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:33.260 Number of processors: 4 586 0xA00
20:19:33.260 ComputerName: TRAVNICEK-PC UserName: Travnicek
20:19:34.477 Initialize success
20:19:34.539 VM: initialized successfully
20:19:34.539 VM: Amd CPU BiosDisabled
20:19:39.437 AVAST engine defs: 15022600
20:19:58.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:19:58.953 Disk 0 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
20:19:58.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
20:19:59.000 Disk 1 Vendor: ADATA_SSD_S396_30GB 3.3.2 Size: 30533MB BusType: 3
20:19:59.109 Disk 0 MBR read successfully
20:19:59.125 Disk 0 MBR scan
20:19:59.125 Disk 0 Windows 7 default MBR code
20:19:59.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907727 MB offset 2048
20:19:59.156 Disk 0 Boot: NTFS code=2
20:19:59.187 Disk 0 scanning C:\Windows\system32\drivers
20:20:09.140 Service scanning
20:20:26.549 Modules scanning
20:20:26.565 Disk 0 trace - called modules:
20:20:26.596 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:20:26.596 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a30060]
20:20:26.596 3 CLASSPNP.SYS[fffff880018fe43f] -> nt!IofCallDriver -> [0xfffffa80047dc520]
20:20:26.596 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047c6060]
20:20:27.704 AVAST engine scan C:\Windows
20:20:30.434 AVAST engine scan C:\Windows\system32
20:23:11.286 AVAST engine scan C:\Windows\system32\drivers
20:23:23.391 AVAST engine scan C:\Users\Travnicek
21:01:34.583 AVAST engine scan C:\ProgramData
21:03:16.467 Disk 0 statistics 6594388/0/0 @ 1,43 MB/s
21:03:16.482 Scan finished successfully
21:04:09.990 Disk 0 MBR has been saved successfully to "C:\Users\Travnicek\Desktop\MBR.dat"
21:04:10.006 The log file has been saved successfully to "C:\Users\Travnicek\Desktop\aswMBR 26.2.txt"
jaro3 (member of the Security team, Guru Level 15, 43298 posts, registered June 07, location: South Bohemia):
Re: Infected PC
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC
to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
c:\windows\system32\drivers\avgtpx64.sys
If you find this marked file, delete it.
What about the problems?
When working with HJT, ComboFix, MbAM, SDFix and the like, close all other applications and browsers!
Do not send logs in private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Siola (Level 1.5, 118 posts, registered January 10):
Re: Infected PC
The ads disappeared both in Opera and in Chrome, so the problem is solved. I removed that file, and as I wrote above that it could be the router, that may have been one of the causes, because I found out that the router I have at home has some software bug that makes it easier to get into it http://www.novinky.cz/internet-a-pc/bez ... ranit.html .
Otherwise, thanks for the help; could I also post here an HJT log from a notebook with the same problem?
Thanks again.
Siola
Siola (Level 1.5, 118 posts, registered January 10):
Re: Infected PC
I found out something else: my brother told me that when he launches the game CS:GO, ads appear in the taskbar, along with a Skype-like window that links to some Russian sites, at least according to Malwarebytes, which partially blocks that window. I think reinstalling the game or Steam would help, but I'd rather ask for advice first.
PS: I don't play that game, which is why I didn't write about it earlier.