RogueKiller:
RogueKiller V10.11.5.0 [Nov 9 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : Josef [Práva správce]
Started from : C:\Documents and Settings\Josef\Plocha\RogueKiller.exe
Mód : Smazat -- Datum : 11/16/2015 10:21:26
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SpyHunter Security Suite : "C:\DOCUME~1\Josef\LOCALS~1\Temp\RarSFX0\SpyHunter4.exe" [x] -> Smazáno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2659733977-570214497-571619954-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Nahrazeno (1)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 214 ¤¤¤
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2079403$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2115168$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2229593$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2296011$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2345886$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2347290$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2360937$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2378111_WM9$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2387149$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2393802$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2412687$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2419632$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2423089$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2440591$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2443105$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2467659$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2476490$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2478960$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2478971$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2479943$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2481109$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2483185$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2485663$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2492386$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2506212$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2507618$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2507938$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2508272$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2508429$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2509553$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2510581$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2535512$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2536276-v2$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2541763$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2544521$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2544893-v2$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2562937$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2564958$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2566454$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2567053$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2567680$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2570222$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2570791$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2570947$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2584146$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2585542$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2586448$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2592799$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2598479$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2603381$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2618451$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2619339$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2620712$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2621440$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2624667$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2631813$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2633171$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2633952$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2639417$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2641653$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2641690$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2646524$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2647518$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2653956$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2655992$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2659262$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2660465$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2661254-v2$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2661637$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2676562$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2685939$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2686509$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2691442$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2695962$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2698365$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2705219$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2707511$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2709162$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2712808$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2718523$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2718704$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2719985$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2723135$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2724197$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2727528$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2731847$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2736233$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2749655$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2753842$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2753842-v2$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2756822$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2757638$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2758857$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2761226$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2770660$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2778344$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2779030$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2779562$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2780091$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2799494$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2802968$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2807986$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2808679$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2808735$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2813170$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2813345$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2820197$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2820917$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2829361$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2834886$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2834904_WM11$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2839229$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2845187$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2847311$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2849470$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2850851$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2850869$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2859537$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2862152$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2862330$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2862335$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2863058$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2864063$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2868038$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2868626$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2876217$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2876315$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2876331$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2883150$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2892075$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2893294$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2893984$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2898715$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2900986$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2904266$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2916036$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB2929961$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB832353$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB898461$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB915800-v4$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB923561$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB929399$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB939683$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB940157$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB941569$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB942288-v3$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB946648$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB950762$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB950974$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB951376-v2$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB951978$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB952004$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB952069_WM9$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB952287$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB952954$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB954154_WM11$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB954155_WM9$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB954459$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB955759$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB956572$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB956744$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB956802$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB956844$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB958644$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB959426$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB960803$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB960859$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB961118$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB961501$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB963093$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB968389$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB968930$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB969059$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB970430$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB971029$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB971657$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB971737$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB972270$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB973507$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB973540_WM9$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB973687$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB973815$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB973869$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB973904$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB974112$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB974318$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB974392$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB974571$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB975025$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB975467$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB975558_WM8$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB975560$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB975562$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB975713$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB977816$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB977914$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB978338$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB978542$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB978601$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB978695_WM9$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB978706$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB979309$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB979482$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB979687$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB980436$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB981322$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB981997$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB982132$ -> Smazáno
[ZeroAccess][Složka] C:\WINDOWS\$NtUninstallKB982665$ -> Smazáno
[PUP][Složka] C:\Documents and Settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} -> Smazáno
[Hj.Name][Soubor] C:\RECYCLER\S-1-5-21-2659733977-570214497-571619954-1004\Dc34\Windows\rundll32.exe -> Smazáno
[Hj.Name][Soubor] C:\RECYCLER\S-1-5-21-2659733977-570214497-571619954-1004\Dc34\Windows\svchost.exe -> Smazáno
[Hj.Name][Soubor] C:\RECYCLER\S-1-5-21-2659733977-570214497-571619954-1004\Dc34\Windows\winlogon.exe -> Smazáno
¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 3 ¤¤¤
[FIREFX:Addon] pvst96ez.default-1447488994359 : Microsoft .NET Framework Assistant [{20a82645-c095-46ed-80e3-08825760534b}] -> Smazáno
[FIREFX:Addon] pvst96ez.default-1447488994359 : RealDownloader [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] -> Smazáno
[PUM.HomePage][FIREFX:Config] pvst96ez.default-1447488994359 : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: HDT722525DLA380 41N3150LEN +++++
--- User ---
[MBR] f67de06e6ce4904d155cd536a1a9b3c1
[BSP] 3b3a93081167d64c1672dc7270f73629 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 131618 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 269554635 | Size: 106854 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 7cff954acd819733a1aa50b979a73e1e
[BSP] d823fe3b1f3c755e246aecd7413cfcfa : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 61483 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 125917471 | Size: 91142 MB
User = LL1 ... OK
User = LL2 ... OK
Zoek.exe :
Zoek.exe v5.0.0.1 Updated 15-November-2015
Tool run by Josef on po 16.11.2015 at 10:27:31,32.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Josef\Plocha\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
16.11.2015 10:29:19 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"="5985:TCP:*:Disabled:Vzdálená správa systému Windows "
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
==== Empty Folders Check ======================
C:\Program Files\BlazeVideo deleted successfully
C:\Program Files\iOrgSoft deleted successfully
C:\Program Files\Opera deleted successfully
C:\Program Files\Saving Flash deleted successfully
C:\Program Files\WinAVI deleted successfully
C:\Documents and Settings\All Users\Nabídka Start\Programy\DriverEasy deleted successfully
C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy deleted successfully
C:\Documents and Settings\Josef\Nabídka Start\Programy\PC Translator deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Atheros deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\BigFishCache deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\BlazeVideo deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\DAEMON Tools Pro deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\DivX deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\install_clap deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\LangSoft deleted successfully
C:\Documents and Settings\Administrator\Data aplikací\WinRAR deleted successfully
C:\Documents and Settings\Josef\Data aplikací\Broad Intelligence deleted successfully
C:\Documents and Settings\Josef\Data aplikací\DVDVideoSoft deleted successfully
C:\Documents and Settings\Josef\Data aplikací\Opera Software deleted successfully
C:\Documents and Settings\Josef\Data aplikací\Vso deleted successfully
C:\Documents and Settings\LocalService\Data aplikací\QuickScan deleted successfully
C:\Documents and Settings\NetworkService\Data aplikací\QuickScan deleted successfully
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Downloaded Installations deleted successfully
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Opera Software deleted successfully
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Samsung deleted successfully
C:\Documents and Settings\Josef\Local Settings\Data aplikací\SubtitleCreator deleted successfully
C:\Documents and Settings\Josef\Local Settings\Data aplikací\WMTools Downloaded Files deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\o3t1ixmf.default-1399573057593\prefs.js:
Added to C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\o3t1ixmf.default-1399573057593\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359\prefs.js:
Added to C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Program Files\BlazeVideo not found
C:\Program Files\iOrgSoft not found
C:\Program Files\Opera not found
C:\Program Files\Saving Flash not found
C:\Program Files\WinAVI not found
C:\Program Files\WindowsUpdate deleted
C:\Program Files\0ef7eb06-bfac-47be-ad8f-e6aed6cc1173 deleted
C:\Documents and Settings\Josef\Data aplikací\calibre deleted
C:\Documents and Settings\Josef\.android deleted
C:\Documents and Settings\Josef\Data aplikací\MPUI.ini deleted
C:\Documents and Settings\Josef\Data aplikací\HPCOM_48BitScanUpdate.log deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\DriverGenius deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\system32\GroupPolicy\ADM deleted
C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359\Invalidprefs.js deleted
C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359\jetpack deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\o3t1ixmf.default-1399573057593
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [22.03.2015 15:52]
==== Firefox Extensions ======================
ExtDir: C:\Documents and Settings\Josef\Data aplikací\Mozilla\Extensions
- WebSite Recommendation - %ExtDir%\WebSiteRecommendation@weliketheweb.com
- Google Translator for Firefox - %ExtDir%\translator@zoli.bod.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359
D33D39A318AEA70691CED7530E2D9DF9 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
CFBC726A1712BD8DC9914EA06DBCE20B - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
7E54D1EC87CE306CB1A26CE59AFE6E37 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
A06C5E4980D2B235B510E3EBB6183446 - C:\Program Files\Google\Update\1.3.28.17\npGoogleUpdate3.dll - Google Update
0FCEAA7D12B7B0BA825E5C770B1DCA48 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
3A9E1940B4459CC97FDCBB24FCB69004 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
F114FBA6246530B89DD1E04351E0EAC5 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
==== Deleted Firefox Extensions ======================
C:\Documents and Settings\Josef\Data aplikací\Mozilla\Extensions\WebSiteRecommendation@weliketheweb.com deleted
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14.08.2013 15:24]
RealDownloader - Josef\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/es-es/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/es-es/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
==== Reset Google Chrome ======================
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Josef\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Josef\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=52 folders=23 6573390 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Josef\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Josef\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\Josef\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\temp\Cookies" not found
"C:\Documents and Settings\LocalService\Local Settings\temp\History" not found
"C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files" not found
==== EOF on po 16.11.2015 at 10:49:15,79 ======================
ComboFix :
ComboFix 15-11-15.01 - Josef 16.11.2015 10:58:06.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3062.2367 [GMT 1:00]
Spuštěný z: c:\documents and settings\Josef\Plocha\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Josef\WINDOWS
c:\program files\ACD Systems\92778b05-fd08-4164-9512-a1d5a67df1ae.dll
c:\program files\Common
c:\program files\Common\cookies.txt
.
c:\windows\system32\drivers\i8042prt.sys . . . chybí !!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GLOBALUPDATE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-16 do 2015-11-16 )))))))))))))))))))))))))))))))
.
.
2015-11-16 09:46 . 2015-11-16 09:27 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-16 09:27 . 2015-11-16 09:49 -------- d-----w- C:\zoek_backup
2015-11-15 09:41 . 2015-11-16 08:54 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-15 09:41 . 2015-11-15 10:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-11-14 19:47 . 2015-11-14 19:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-11-14 19:47 . 2015-10-05 08:50 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-14 19:47 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-14 19:40 . 2015-11-15 09:20 -------- d-----w- C:\AdwCleaner
2015-11-14 16:37 . 2015-11-14 16:37 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2015-11-14 16:37 . 2015-11-14 16:51 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-14 16:37 . 2015-11-14 16:51 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-14 16:35 . 2015-11-14 16:35 2324216 ----a-w- c:\windows\system32\ssins.exe
2015-11-14 08:40 . 2010-05-13 17:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2015-11-01 18:53 . 2015-11-01 18:53 -------- d-----w- c:\documents and settings\Josef\Local Settings\Data aplikací\Showtime
2015-10-27 10:57 . 2015-10-29 10:09 -------- d-----w- C:\Output
2015-10-26 10:58 . 2015-10-26 11:27 -------- d-----w- c:\program files\pazera-software
2015-10-26 09:29 . 2015-10-26 09:29 -------- d-----w- C:\DVDFabDecrypter_Temp
2015-10-22 07:28 . 2015-10-22 07:28 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-05 13:05 . 2015-03-15 18:26 2260 -c--a-w- c:\program files\voucher.bin
2013-03-13 07:03 . 2013-03-13 07:03 2174976 -c--a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 08:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5088456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"24c54e38"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero 11\\Nero BackItUp\\BackItUp.exe"=
"g:\\instalace\\GAME\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R?2 ssinstall;SInstalátor;c:\windows\system32\ssins.exe [14.11.2015 17:35 2324216]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [21.11.2011 12:30 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [21.11.2011 12:30 12464]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16.12.2012 9:41 13696]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [10.10.2014 8:59 191928]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10.10.2014 8:59 135296]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/16 14:52];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [1.9.2011 21:51 77296]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [16.4.2012 13:51 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [16.4.2012 13:51 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [16.4.2012 13:51 292136]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [1.10.2014 14:40 1349576]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [23.9.2011 18:37 641832]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [16.10.2009 9:44 53560]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [16.4.2012 13:51 71664]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [11.5.2014 16:00 167424]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14.8.2013 15:19 39056]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.7.2015 12:14 327296]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [25.11.2013 15:01 66944]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.3.2013 21:35 1763584]
S3 BioNT_BS;BioNT_BS;\??\g:\program files\bluescrn\BioNT_bs.sys --> g:\program files\bluescrn\BioNT_bs.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [19.3.2014 22:17 20032]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [28.11.2014 22:35 13896]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [14.2.2015 13:24 19984]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [28.11.2014 22:35 9160]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11.5.2014 16:00 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [7.12.2012 17:27 21248]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.SYS [3.2.2013 15:20 145280]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29.11.2011 18:32 27064]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-11-16 c:\windows\Tasks\Component Rest.job
- c:\documents and settings\Josef\Local Settings\Application Data\Component Rest\xBin\ComponentRest.dll [2015-11-14 10:41]
.
2015-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-26 17:30]
.
2015-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-26 17:30]
.
2015-04-26 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2659733977-570214497-571619954-1004.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 14:19]
.
2015-11-16 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2659733977-570214497-571619954-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2015-11-14 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2659733977-570214497-571619954-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2015-11-16 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2659733977-570214497-571619954-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-11-16 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2659733977-570214497-571619954-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-11-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2659733977-570214497-571619954-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-10-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2659733977-570214497-571619954-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-11-15 c:\windows\Tasks\User_Feed_Synchronization-{02D609C1-B138-47A6-B631-4C8C2E89B3B5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\pvst96ez.default-1447488994359\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-16 11:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\9y5ht12u.TMP 616448 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(568)
c:\program files\Nero\Tools\InCD\NBHshx.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Nero\Tools\InCD\InCDSrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2015-11-16 11:06:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-11-16 10:06
.
Před spuštěním: Volných bajtů: 80 079 347 712
Po spuštění: Volných bajtů: 79 893 786 624
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EF633BBACDBEA74D686A2E07D0C4C8CD
413FC2A0C716421B3158746D63736515