prosím o kontrolu logu nefunkční automatické aktualizace Vyřešeno
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu nefunkční automatické aktualizace
A log z RK po opravě?
Láska hřeje, ale uhlí je uhlí. 
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: prosím o kontrolu logu nefunkční automatické aktualizace
Pardon:RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : dawos [Práva správce]
Mód : Odebrat -- Datum : 03/03/2014 20:13:56
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NAHRAZENO (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[BROK VAL] HKCR\[...]\command : () -> vytvořené ("%1" %*)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 5fb1aa6404a0753385a8823ef9e02da1
[BSP] 1581d758a26a98437a3293d561cb5e8c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_03032014_201356.txt >>
RKreport[0]_S_03032014_155030.txt
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : dawos [Práva správce]
Mód : Odebrat -- Datum : 03/03/2014 20:13:56
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NAHRAZENO (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[BROK VAL] HKCR\[...]\command : () -> vytvořené ("%1" %*)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 5fb1aa6404a0753385a8823ef9e02da1
[BSP] 1581d758a26a98437a3293d561cb5e8c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_03032014_201356.txt >>
RKreport[0]_S_03032014_155030.txt
intel core i5-2400cpu@3.2Ghz,8gb ram ddr 3,NVIDIA GeForce GTX 560 Ti,PH67-UD3-B3,Windows 7 home premium.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu nefunkční automatické aktualizace
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosím o kontrolu logu nefunkční automatické aktualizace
ComboFix 14-03-04.03 - dawos 04.03.2014 19:41:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6713 [GMT 1:00]
Spuštěný z: c:\users\dawos\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1383861437.bdinstall.bin
c:\users\Public\AlexaNSISPlugin.3360.dll
c:\windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-04 do 2014-03-04 )))))))))))))))))))))))))))))))
.
.
2014-03-04 14:06 . 2014-03-04 14:06 -------- d-----w- c:\users\dawos\AppData\Local\ElevatedDiagnostics
2014-03-03 14:35 . 2014-03-03 14:35 -------- d-----w- c:\windows\ERUNT
2014-03-02 20:16 . 2014-03-03 14:32 -------- d-----w- C:\AdwCleaner
2014-03-02 20:14 . 2014-03-04 14:10 -------- d-----w- c:\users\dawos\AppData\Local\Google
2014-03-02 09:21 . 2014-03-02 09:21 -------- d-----w- c:\users\dawos\AppData\Local\Nokia
2014-03-02 08:35 . 2014-03-02 08:35 -------- d-----w- c:\users\dawos\AppData\Local\Programs
2014-03-02 08:21 . 2014-03-02 08:21 -------- d-----w- c:\program files\CCleaner
2014-03-02 08:19 . 2014-03-02 08:19 -------- d-----w- c:\users\dawos\AppData\Local\NVIDIA Corporation
2014-03-02 08:09 . 2014-03-02 08:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-03-02 07:07 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E77156CA-A4B9-4E96-B508-D8483B0255F8}\mpengine.dll
2014-03-02 07:07 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-02 07:07 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-22 15:26 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-14 00:52 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 00:52 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 06:05 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 14:36 . 2013-02-25 23:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 14:36 . 2012-01-22 17:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 17:16 . 2012-01-22 17:18 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-08 18:34 . 2013-06-08 05:46 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2013-06-08 05:46 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2013-06-07 14:35 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2013-06-07 14:35 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2013-03-26 15:40 947296 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2013-03-26 15:40 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2013-03-26 15:40 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 17:42 . 2013-06-07 14:36 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2013-06-07 14:36 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2013-06-07 14:36 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2013-06-07 14:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2013-06-07 14:36 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 17:42 . 2013-06-07 14:36 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2014-02-05 17:52 . 2013-06-07 14:36 3573739 ----a-w- c:\windows\system32\nvcoproc.bin
2014-01-22 07:52 . 2014-01-22 07:52 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 07:52 . 2014-01-22 07:52 108800 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-01-15 23:13 . 2014-01-30 22:37 1885472 ----a-w- c:\windows\system32\nvdispco6433467.dll
2014-01-15 23:13 . 2014-01-30 22:37 1515296 ----a-w- c:\windows\system32\nvdispgenco6433467.dll
2013-12-19 20:33 . 2014-01-08 06:35 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 06:35 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2013-12-18 20:09 . 2014-01-15 17:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 17:35 . 2013-08-03 03:40 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-18 17:35 . 2012-01-23 17:42 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-18 13:56 . 2013-11-07 22:05 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-18 13:56 . 2013-11-07 22:05 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-18 13:56 . 2013-11-07 22:05 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 05:13 . 2012-01-22 16:49 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-15 09:57 . 2012-01-23 15:37 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-10 02:13 . 2013-10-29 14:48 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-10-29 14:48 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-09 14:50 . 2013-10-30 17:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-12-09 14:50 . 2013-10-30 17:51 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-07 00:15 . 2013-11-16 00:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-12-07 00:15 . 2013-11-16 00:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-12-05 08:42 . 2013-12-18 13:55 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-05 08:42 . 2013-12-18 13:55 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-05 08:42 . 2013-07-31 12:51 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-10-27 13:07 . 2013-10-25 06:00 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RoccatIsku"="c:\program files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE" [2013-09-13 536576]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 DES2 Service;DES2 Service for Energy Saving.; [x]
R4 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:49 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 14:36]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02 08:03]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13626072]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Spybot-S&D Cleaning - c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
Wow6432Node-HKLM-Run-ZyngaGamesAgent - c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
Wow6432Node-HKLM-Run-STCAgent - c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe
Wow6432Node-HKLM-Run-SDTray - c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe
Wow6432Node-HKLM-Run-ROCCATTalk - c:\program files (x86)\ROCCAT\Talk\TalkMonitor.EXE
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk - c:\windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1645738313-2668078682-3545954798-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,95,7c,33,5d,5b,0f,4c,5b,e0,06,4c,68,b9,4f,e9,1a,37,c5,ca,df,
32,af,2c,dc,f8,d9,df,87,23,34,68,ef,5a,a6,0e,2b,c1,c0,27,ea,37,d1,fe,b4,1a,\
"rkeysecu"=hex:72,45,86,40,8c,6c,ee,b4,6e,4b,08,88,d5,b8,1f,66
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-03-04 19:54:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-04 18:54
.
Před spuštěním: Volných bajtů: 825 854 226 432
Po spuštění: Volných bajtů: 825 239 486 464
.
- - End Of File - - E9FBDE5117430A34E5B27A5187308065
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6713 [GMT 1:00]
Spuštěný z: c:\users\dawos\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1383861437.bdinstall.bin
c:\users\Public\AlexaNSISPlugin.3360.dll
c:\windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-04 do 2014-03-04 )))))))))))))))))))))))))))))))
.
.
2014-03-04 14:06 . 2014-03-04 14:06 -------- d-----w- c:\users\dawos\AppData\Local\ElevatedDiagnostics
2014-03-03 14:35 . 2014-03-03 14:35 -------- d-----w- c:\windows\ERUNT
2014-03-02 20:16 . 2014-03-03 14:32 -------- d-----w- C:\AdwCleaner
2014-03-02 20:14 . 2014-03-04 14:10 -------- d-----w- c:\users\dawos\AppData\Local\Google
2014-03-02 09:21 . 2014-03-02 09:21 -------- d-----w- c:\users\dawos\AppData\Local\Nokia
2014-03-02 08:35 . 2014-03-02 08:35 -------- d-----w- c:\users\dawos\AppData\Local\Programs
2014-03-02 08:21 . 2014-03-02 08:21 -------- d-----w- c:\program files\CCleaner
2014-03-02 08:19 . 2014-03-02 08:19 -------- d-----w- c:\users\dawos\AppData\Local\NVIDIA Corporation
2014-03-02 08:09 . 2014-03-02 08:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-03-02 07:07 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E77156CA-A4B9-4E96-B508-D8483B0255F8}\mpengine.dll
2014-03-02 07:07 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-02 07:07 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-22 15:26 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-14 00:52 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 00:52 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 06:05 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 14:36 . 2013-02-25 23:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 14:36 . 2012-01-22 17:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 17:16 . 2012-01-22 17:18 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-08 18:34 . 2013-06-08 05:46 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2013-06-08 05:46 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2013-06-07 14:35 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2013-06-07 14:35 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2013-03-26 15:40 947296 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2013-03-26 15:40 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2013-03-26 15:40 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 17:42 . 2013-06-07 14:36 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2013-06-07 14:36 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2013-06-07 14:36 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2013-06-07 14:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2013-06-07 14:36 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 17:42 . 2013-06-07 14:36 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2014-02-05 17:52 . 2013-06-07 14:36 3573739 ----a-w- c:\windows\system32\nvcoproc.bin
2014-01-22 07:52 . 2014-01-22 07:52 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 07:52 . 2014-01-22 07:52 108800 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-01-15 23:13 . 2014-01-30 22:37 1885472 ----a-w- c:\windows\system32\nvdispco6433467.dll
2014-01-15 23:13 . 2014-01-30 22:37 1515296 ----a-w- c:\windows\system32\nvdispgenco6433467.dll
2013-12-19 20:33 . 2014-01-08 06:35 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 06:35 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2013-12-18 20:09 . 2014-01-15 17:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 17:35 . 2013-08-03 03:40 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-18 17:35 . 2012-01-23 17:42 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-18 13:56 . 2013-11-07 22:05 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-18 13:56 . 2013-11-07 22:05 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-18 13:56 . 2013-11-07 22:05 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 05:13 . 2012-01-22 16:49 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-15 09:57 . 2012-01-23 15:37 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-10 02:13 . 2013-10-29 14:48 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-10-29 14:48 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-09 14:50 . 2013-10-30 17:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-12-09 14:50 . 2013-10-30 17:51 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-07 00:15 . 2013-11-16 00:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-12-07 00:15 . 2013-11-16 00:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-12-05 08:42 . 2013-12-18 13:55 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-05 08:42 . 2013-12-18 13:55 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-05 08:42 . 2013-07-31 12:51 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-10-27 13:07 . 2013-10-25 06:00 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RoccatIsku"="c:\program files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE" [2013-09-13 536576]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 DES2 Service;DES2 Service for Energy Saving.; [x]
R4 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:49 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 14:36]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02 08:03]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13626072]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Spybot-S&D Cleaning - c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
Wow6432Node-HKLM-Run-ZyngaGamesAgent - c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
Wow6432Node-HKLM-Run-STCAgent - c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe
Wow6432Node-HKLM-Run-SDTray - c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe
Wow6432Node-HKLM-Run-ROCCATTalk - c:\program files (x86)\ROCCAT\Talk\TalkMonitor.EXE
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk - c:\windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1645738313-2668078682-3545954798-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,95,7c,33,5d,5b,0f,4c,5b,e0,06,4c,68,b9,4f,e9,1a,37,c5,ca,df,
32,af,2c,dc,f8,d9,df,87,23,34,68,ef,5a,a6,0e,2b,c1,c0,27,ea,37,d1,fe,b4,1a,\
"rkeysecu"=hex:72,45,86,40,8c,6c,ee,b4,6e,4b,08,88,d5,b8,1f,66
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-03-04 19:54:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-04 18:54
.
Před spuštěním: Volných bajtů: 825 854 226 432
Po spuštění: Volných bajtů: 825 239 486 464
.
- - End Of File - - E9FBDE5117430A34E5B27A5187308065
A36C5E4F47E84449FF07ED3517B43A31
intel core i5-2400cpu@3.2Ghz,8gb ram ddr 3,NVIDIA GeForce GTX 560 Ti,PH67-UD3-B3,Windows 7 home premium.
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu nefunkční automatické aktualizace
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
RegLock::
[HKEY_USERS\S-1-5-21-1645738313-2668078682-3545954798-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,95,7c,33,5d,5b,0f,4c,5b,e0,06,4c,68,b9,4f,e9,1a,37,c5,ca,df,
32,af,2c,dc,f8,d9,df,87,23,34,68,ef,5a,a6,0e,2b,c1,c0,27,ea,37,d1,fe,b4,1a,\
"rkeysecu"=hex:72,45,86,40,8c,6c,ee,b4,6e,4b,08,88,d5,b8,1f,66
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Zkopíruj do něj následující celý text označený červeně:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
RegLock::
[HKEY_USERS\S-1-5-21-1645738313-2668078682-3545954798-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,95,7c,33,5d,5b,0f,4c,5b,e0,06,4c,68,b9,4f,e9,1a,37,c5,ca,df,
32,af,2c,dc,f8,d9,df,87,23,34,68,ef,5a,a6,0e,2b,c1,c0,27,ea,37,d1,fe,b4,1a,\
"rkeysecu"=hex:72,45,86,40,8c,6c,ee,b4,6e,4b,08,88,d5,b8,1f,66
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: prosím o kontrolu logu nefunkční automatické aktualizace
ComboFix 14-03-04.03 - dawos 05.03.2014 14:52:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6914 [GMT 1:00]
Spuštěný z: c:\users\dawos\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\dawos\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-05 do 2014-03-05 )))))))))))))))))))))))))))))))
.
.
2014-03-05 13:56 . 2014-03-05 13:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-05 13:56 . 2014-03-05 13:56 -------- d-----w- c:\users\UpdatusUser.dawos-PC\AppData\Local\temp
2014-03-05 13:56 . 2014-03-05 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-04 19:41 . 2014-03-04 19:41 17268616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 18:52 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAFA2DB1-DEA9-4F66-A97A-F83FA23B8C60}\mpengine.dll
2014-03-04 14:06 . 2014-03-04 14:06 -------- d-----w- c:\users\dawos\AppData\Local\ElevatedDiagnostics
2014-03-03 14:35 . 2014-03-03 14:35 -------- d-----w- c:\windows\ERUNT
2014-03-02 20:16 . 2014-03-03 14:32 -------- d-----w- C:\AdwCleaner
2014-03-02 20:14 . 2014-03-04 14:10 -------- d-----w- c:\users\dawos\AppData\Local\Google
2014-03-02 09:21 . 2014-03-02 09:21 -------- d-----w- c:\users\dawos\AppData\Local\Nokia
2014-03-02 08:35 . 2014-03-02 08:35 -------- d-----w- c:\users\dawos\AppData\Local\Programs
2014-03-02 08:21 . 2014-03-02 08:21 -------- d-----w- c:\program files\CCleaner
2014-03-02 08:19 . 2014-03-02 08:19 -------- d-----w- c:\users\dawos\AppData\Local\NVIDIA Corporation
2014-03-02 08:09 . 2014-03-02 08:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-03-02 07:07 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-02 07:07 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-22 15:26 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-14 00:52 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 00:52 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 06:05 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 19:41 . 2013-02-25 23:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 19:41 . 2012-01-22 17:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 17:16 . 2012-01-22 17:18 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-08 18:34 . 2013-06-08 05:46 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2013-06-08 05:46 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2013-06-07 14:35 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2013-06-07 14:35 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2013-03-26 15:40 947296 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2013-03-26 15:40 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2013-03-26 15:40 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 17:42 . 2013-06-07 14:36 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2013-06-07 14:36 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2013-06-07 14:36 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2013-06-07 14:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2013-06-07 14:36 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 17:42 . 2013-06-07 14:36 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2014-02-05 17:52 . 2013-06-07 14:36 3573739 ----a-w- c:\windows\system32\nvcoproc.bin
2014-01-22 07:52 . 2014-01-22 07:52 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 07:52 . 2014-01-22 07:52 108800 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-01-15 23:13 . 2014-01-30 22:37 1885472 ----a-w- c:\windows\system32\nvdispco6433467.dll
2014-01-15 23:13 . 2014-01-30 22:37 1515296 ----a-w- c:\windows\system32\nvdispgenco6433467.dll
2013-12-19 20:33 . 2014-01-08 06:35 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 06:35 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2013-12-18 20:09 . 2014-01-15 17:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 17:35 . 2013-08-03 03:40 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-18 17:35 . 2012-01-23 17:42 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-18 13:56 . 2013-11-07 22:05 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-18 13:56 . 2013-11-07 22:05 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-18 13:56 . 2013-11-07 22:05 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 05:13 . 2012-01-22 16:49 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-15 09:57 . 2012-01-23 15:37 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-10 02:13 . 2013-10-29 14:48 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-10-29 14:48 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-09 14:50 . 2013-10-30 17:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-12-09 14:50 . 2013-10-30 17:51 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-07 00:15 . 2013-11-16 00:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-12-07 00:15 . 2013-11-16 00:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-10-27 13:07 . 2013-10-25 06:00 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RoccatIsku"="c:\program files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE" [2013-09-13 536576]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 DES2 Service;DES2 Service for Energy Saving.; [x]
R4 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:49 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13626072]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1645738313-2668078682-3545954798-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,95,7c,33,5d,5b,0f,4c,5b,e0,06,4c,68,b9,4f,e9,1a,37,c5,ca,df,
32,af,2c,dc,f8,d9,df,87,23,34,68,ef,5a,a6,0e,2b,c1,c0,27,ea,37,d1,fe,b4,1a,\
"rkeysecu"=hex:72,45,86,40,8c,6c,ee,b4,6e,4b,08,88,d5,b8,1f,66
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-03-05 15:00:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-05 14:00
ComboFix2.txt 2014-03-04 18:54
.
Před spuštěním: Volných bajtů: 825 457 135 616
Po spuštění: Volných bajtů: 825 129 992 192
.
- - End Of File - - 9970FB7C5DF35F552242A28C5BDFE44E
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6914 [GMT 1:00]
Spuštěný z: c:\users\dawos\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\dawos\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-05 do 2014-03-05 )))))))))))))))))))))))))))))))
.
.
2014-03-05 13:56 . 2014-03-05 13:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-05 13:56 . 2014-03-05 13:56 -------- d-----w- c:\users\UpdatusUser.dawos-PC\AppData\Local\temp
2014-03-05 13:56 . 2014-03-05 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-04 19:41 . 2014-03-04 19:41 17268616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 18:52 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAFA2DB1-DEA9-4F66-A97A-F83FA23B8C60}\mpengine.dll
2014-03-04 14:06 . 2014-03-04 14:06 -------- d-----w- c:\users\dawos\AppData\Local\ElevatedDiagnostics
2014-03-03 14:35 . 2014-03-03 14:35 -------- d-----w- c:\windows\ERUNT
2014-03-02 20:16 . 2014-03-03 14:32 -------- d-----w- C:\AdwCleaner
2014-03-02 20:14 . 2014-03-04 14:10 -------- d-----w- c:\users\dawos\AppData\Local\Google
2014-03-02 09:21 . 2014-03-02 09:21 -------- d-----w- c:\users\dawos\AppData\Local\Nokia
2014-03-02 08:35 . 2014-03-02 08:35 -------- d-----w- c:\users\dawos\AppData\Local\Programs
2014-03-02 08:21 . 2014-03-02 08:21 -------- d-----w- c:\program files\CCleaner
2014-03-02 08:19 . 2014-03-02 08:19 -------- d-----w- c:\users\dawos\AppData\Local\NVIDIA Corporation
2014-03-02 08:09 . 2014-03-02 08:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-03-02 07:07 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-02 07:07 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-22 15:26 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-14 00:52 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 00:52 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 06:05 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 19:41 . 2013-02-25 23:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 19:41 . 2012-01-22 17:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 17:16 . 2012-01-22 17:18 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-08 18:34 . 2013-06-08 05:46 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2013-06-08 05:46 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2013-06-07 14:35 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2013-06-07 14:35 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2013-03-26 15:40 947296 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2013-03-26 15:40 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2013-03-26 15:40 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 17:42 . 2013-06-07 14:36 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2013-06-07 14:36 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2013-06-07 14:36 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2013-06-07 14:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2013-06-07 14:36 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 17:42 . 2013-06-07 14:36 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2014-02-05 17:52 . 2013-06-07 14:36 3573739 ----a-w- c:\windows\system32\nvcoproc.bin
2014-01-22 07:52 . 2014-01-22 07:52 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 07:52 . 2014-01-22 07:52 108800 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-01-15 23:13 . 2014-01-30 22:37 1885472 ----a-w- c:\windows\system32\nvdispco6433467.dll
2014-01-15 23:13 . 2014-01-30 22:37 1515296 ----a-w- c:\windows\system32\nvdispgenco6433467.dll
2013-12-19 20:33 . 2014-01-08 06:35 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 06:35 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2013-12-18 20:09 . 2014-01-15 17:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 17:35 . 2013-08-03 03:40 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-18 17:35 . 2012-01-23 17:42 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-18 13:56 . 2013-11-07 22:05 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-18 13:56 . 2013-11-07 22:05 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-18 13:56 . 2013-11-07 22:05 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 05:13 . 2012-01-22 16:49 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-15 09:57 . 2012-01-23 15:37 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-10 02:13 . 2013-10-29 14:48 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-10-29 14:48 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-09 14:50 . 2013-10-30 17:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-12-09 14:50 . 2013-10-30 17:51 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-07 00:15 . 2013-11-16 00:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-12-07 00:15 . 2013-11-16 00:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-10-27 13:07 . 2013-10-25 06:00 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RoccatIsku"="c:\program files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE" [2013-09-13 536576]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 DES2 Service;DES2 Service for Energy Saving.; [x]
R4 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:49 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13626072]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1645738313-2668078682-3545954798-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,95,7c,33,5d,5b,0f,4c,5b,e0,06,4c,68,b9,4f,e9,1a,37,c5,ca,df,
32,af,2c,dc,f8,d9,df,87,23,34,68,ef,5a,a6,0e,2b,c1,c0,27,ea,37,d1,fe,b4,1a,\
"rkeysecu"=hex:72,45,86,40,8c,6c,ee,b4,6e,4b,08,88,d5,b8,1f,66
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-03-05 15:00:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-05 14:00
ComboFix2.txt 2014-03-04 18:54
.
Před spuštěním: Volných bajtů: 825 457 135 616
Po spuštění: Volných bajtů: 825 129 992 192
.
- - End Of File - - 9970FB7C5DF35F552242A28C5BDFE44E
A36C5E4F47E84449FF07ED3517B43A31
intel core i5-2400cpu@3.2Ghz,8gb ram ddr 3,NVIDIA GeForce GTX 560 Ti,PH67-UD3-B3,Windows 7 home premium.
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: prosím o kontrolu logu nefunkční automatické aktualizace
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
Co problémy? + nový log z HJT
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
Co problémy? + nový log z HJT
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: prosím o kontrolu logu nefunkční automatické aktualizace
# DelFix v10.6 - Logfile created 06/03/2014 at 15:24:57
# Updated 11/11/2013 by Xplode
# Username : dawos - DAWOS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\AdwCleaner
Deleted : C:\Users\dawos\Desktop\RK_Quarantine
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.8.16.0_03.03.2014_20.17.03_log.txt
Deleted : C:\Users\dawos\Desktop\adwcleaner.exe
Deleted : C:\Users\dawos\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\dawos\Desktop\JRT (1).exe
Deleted : C:\Users\dawos\Desktop\JRT.txt
Deleted : C:\Users\dawos\Desktop\RKreport[0]_D_03032014_201356.txt
Deleted : C:\Users\dawos\Desktop\RKreport[0]_S_03032014_155030.txt
Deleted : C:\Users\dawos\Desktop\RogueKillerX64.exe
Deleted : C:\Users\dawos\Desktop\tdsskiller (1).zip
Deleted : C:\Users\dawos\Desktop\TDSSKiller.3.0.0.25_03.03.2014_20.17.44_log.txt
Deleted : C:\Users\dawos\Desktop\tdsskiller.zip
Deleted : C:\Users\dawos\Downloads\adwcleaner.exe
Deleted : C:\Users\dawos\Downloads\ComboFix.exe
Deleted : C:\Users\dawos\Downloads\JRT (1).exe
Deleted : C:\Users\dawos\Downloads\JRT.exe
Deleted : C:\Users\dawos\Downloads\HijackThis.exe
Deleted : C:\Users\dawos\Downloads\RogueKillerX64.exe
Deleted : C:\Users\dawos\Downloads\tdsskiller (1).zip
Deleted : C:\Users\dawos\Downloads\tdsskiller.zip
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Cleaning system restore ...
Deleted : RP #389 [Windows Update | 02/26/2014 11:05:47]
Deleted : RP #390 [Windows Update | 03/02/2014 07:07:09]
Deleted : RP #391 [Revo Uninstaller's restore point - AVG SafeGuard toolbar | 03/02/2014 08:09:55]
Deleted : RP #392 [Revo Uninstaller's restore point - Avira Free Antivirus | 03/02/2014 08:13:30]
Deleted : RP #393 [Revo Uninstaller's restore point - Avira SearchFree Toolbar | 03/02/2014 08:14:41]
Deleted : RP #394 [Revo Uninstaller's restore point - Malwarebytes Anti-Malware verze 1.75.0.1300 | 03/02/2014 08:15:26]
Deleted : RP #395 [Created by Wise Disk Cleaner | 03/02/2014 08:36:03]
Deleted : RP #396 [ComboFix created restore point | 03/04/2014 18:40:17]
Deleted : RP #397 [ComboFix created restore point | 03/06/2014 14:21:53]
New restore point created !
########## - EOF - ##########
# Updated 11/11/2013 by Xplode
# Username : dawos - DAWOS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\AdwCleaner
Deleted : C:\Users\dawos\Desktop\RK_Quarantine
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.8.16.0_03.03.2014_20.17.03_log.txt
Deleted : C:\Users\dawos\Desktop\adwcleaner.exe
Deleted : C:\Users\dawos\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\dawos\Desktop\JRT (1).exe
Deleted : C:\Users\dawos\Desktop\JRT.txt
Deleted : C:\Users\dawos\Desktop\RKreport[0]_D_03032014_201356.txt
Deleted : C:\Users\dawos\Desktop\RKreport[0]_S_03032014_155030.txt
Deleted : C:\Users\dawos\Desktop\RogueKillerX64.exe
Deleted : C:\Users\dawos\Desktop\tdsskiller (1).zip
Deleted : C:\Users\dawos\Desktop\TDSSKiller.3.0.0.25_03.03.2014_20.17.44_log.txt
Deleted : C:\Users\dawos\Desktop\tdsskiller.zip
Deleted : C:\Users\dawos\Downloads\adwcleaner.exe
Deleted : C:\Users\dawos\Downloads\ComboFix.exe
Deleted : C:\Users\dawos\Downloads\JRT (1).exe
Deleted : C:\Users\dawos\Downloads\JRT.exe
Deleted : C:\Users\dawos\Downloads\HijackThis.exe
Deleted : C:\Users\dawos\Downloads\RogueKillerX64.exe
Deleted : C:\Users\dawos\Downloads\tdsskiller (1).zip
Deleted : C:\Users\dawos\Downloads\tdsskiller.zip
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Cleaning system restore ...
Deleted : RP #389 [Windows Update | 02/26/2014 11:05:47]
Deleted : RP #390 [Windows Update | 03/02/2014 07:07:09]
Deleted : RP #391 [Revo Uninstaller's restore point - AVG SafeGuard toolbar | 03/02/2014 08:09:55]
Deleted : RP #392 [Revo Uninstaller's restore point - Avira Free Antivirus | 03/02/2014 08:13:30]
Deleted : RP #393 [Revo Uninstaller's restore point - Avira SearchFree Toolbar | 03/02/2014 08:14:41]
Deleted : RP #394 [Revo Uninstaller's restore point - Malwarebytes Anti-Malware verze 1.75.0.1300 | 03/02/2014 08:15:26]
Deleted : RP #395 [Created by Wise Disk Cleaner | 03/02/2014 08:36:03]
Deleted : RP #396 [ComboFix created restore point | 03/04/2014 18:40:17]
Deleted : RP #397 [ComboFix created restore point | 03/06/2014 14:21:53]
New restore point created !
########## - EOF - ##########
intel core i5-2400cpu@3.2Ghz,8gb ram ddr 3,NVIDIA GeForce GTX 560 Ti,PH67-UD3-B3,Windows 7 home premium.
Re: prosím o kontrolu logu nefunkční automatické aktualizace
Jo aktualizace už jdou počítač se chová normálně.Díky moc za pomoc jste frajeři.
intel core i5-2400cpu@3.2Ghz,8gb ram ddr 3,NVIDIA GeForce GTX 560 Ti,PH67-UD3-B3,Windows 7 home premium.
Re: prosím o kontrolu logu nefunkční automatické aktualizace
Ješte něco nemužu odstranit.Zbytky Aviry cleaner pořád nachází toto:
Naposledy upravil(a) parmazan dne 06 bře 2014 15:47, celkem upraveno 1 x.
intel core i5-2400cpu@3.2Ghz,8gb ram ddr 3,NVIDIA GeForce GTX 560 Ti,PH67-UD3-B3,Windows 7 home premium.
Re: prosím o kontrolu logu nefunkční automatické aktualizace
Je to jen zbytek v registrech. Odkazuje to na neexistující soubor. Můžeš to smazat.
Prosím o nevstupování do HJT sekce.
Prosím o nevstupování do HJT sekce.
Naposledy upravil(a) Orcus dne 06 bře 2014 18:53, celkem upraveno 1 x.
Důvod: .
Důvod: .
Re: prosím o kontrolu logu nefunkční automatické aktualizace
Jo jasný,ale pořád to vyskakuje.Dám smazat dobrý dám znovu hledat a zase to vyskočí.
intel core i5-2400cpu@3.2Ghz,8gb ram ddr 3,NVIDIA GeForce GTX 560 Ti,PH67-UD3-B3,Windows 7 home premium.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 94 hostů