Prosím o kontrolu logu Vyřešeno
Re: Prosím o kontrolu logu
Z minulé odpovědi: "tak sem to nechal pres noc v nouzovym rezimu a tak je jeste ted" (nedoběhl do konce)
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Nevidím log z RK po výmazech..
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Uz sem se soustredil na ten zoek a RK sem nevlozil, takze RK po výmazech..
RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Sid [Práva správce]
Started from : C:\Users\Sid\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 07/30/2015 15:57:52
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 9 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0DC7F98-3C26-49C1-B876-3762B6BFF167} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECDAF7E4-65C5-47B0-95ED-77BC0399215E} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D0DC7F98-3C26-49C1-B876-3762B6BFF167} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ECDAF7E4-65C5-47B0-95ED-77BC0399215E} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{D0DC7F98-3C26-49C1-B876-3762B6BFF167} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ECDAF7E4-65C5-47B0-95ED-77BC0399215E} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhostSmazáno
¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CREATE[0] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_POWER[22] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_PNP[27] : Unknown @ 0x419a7f4b00000000
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[FIREFX:Addon] yok235fx.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L6A0 ATA Device +++++
--- User ---
[MBR] 6d248495573ec4528a0a879d48fc1671
[BSP] 96fe066b785949f8822ac8c3bfac4be1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD50 SCSI Disk Device +++++
--- User ---
[MBR] 1ffc34a096d62f07b1ccffcd2631046a
[BSP] fa642b6d9e77ba6594671d130ba72a63 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 476929 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )
+++++ PhysicalDrive2: WDC WD12 SCSI Disk Device +++++
--- User ---
[MBR] b7d95260eab0071d55f904912c3c6cc2
[BSP] 8e7720fd80085eab9d516992139fbf23 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 114463 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )
Mam stahovat ten ComboFix? Pockam, co napises, diky.
RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Sid [Práva správce]
Started from : C:\Users\Sid\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 07/30/2015 15:57:52
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 9 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0DC7F98-3C26-49C1-B876-3762B6BFF167} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECDAF7E4-65C5-47B0-95ED-77BC0399215E} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D0DC7F98-3C26-49C1-B876-3762B6BFF167} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ECDAF7E4-65C5-47B0-95ED-77BC0399215E} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{D0DC7F98-3C26-49C1-B876-3762B6BFF167} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ECDAF7E4-65C5-47B0-95ED-77BC0399215E} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhostSmazáno
¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CREATE[0] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_POWER[22] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x419a7f4b00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_PNP[27] : Unknown @ 0x419a7f4b00000000
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[FIREFX:Addon] yok235fx.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L6A0 ATA Device +++++
--- User ---
[MBR] 6d248495573ec4528a0a879d48fc1671
[BSP] 96fe066b785949f8822ac8c3bfac4be1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD50 SCSI Disk Device +++++
--- User ---
[MBR] 1ffc34a096d62f07b1ccffcd2631046a
[BSP] fa642b6d9e77ba6594671d130ba72a63 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 476929 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )
+++++ PhysicalDrive2: WDC WD12 SCSI Disk Device +++++
--- User ---
[MBR] b7d95260eab0071d55f904912c3c6cc2
[BSP] 8e7720fd80085eab9d516992139fbf23 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 114463 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )
Mam stahovat ten ComboFix? Pockam, co napises, diky.
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
RK ok, dodej log z CF. 
Láska hřeje, ale uhlí je uhlí. 
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Prosím o kontrolu logu
ComboFix 15-08-02.01 - Sid 02.08.2015 17:50:03.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6861 [GMT 2:00]
Spuštěný z: c:\users\Sid\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sid\AppData\Roaming\steam_api.dlu
c:\users\Sid\AppData\Roaming\Taskmgr
c:\users\Sid\AppData\Roaming\Taskmgr\com.apple.Safari.plist
c:\users\Sid\AppData\Roaming\Taskmgr\klite.dat
c:\users\Sid\AppData\Roaming\Taskmgr\oldfilenotused
c:\users\Sid\AppData\Roaming\Taskmgr\Prefaddon
c:\users\Sid\AppData\Roaming\Taskmgr\Preferences
c:\users\Sid\AppData\Roaming\Taskmgr\Secure Preferences
c:\users\Sid\AppData\Roaming\Taskmgr\setting.dat
c:\users\Sid\AppData\Roaming\Taskmgr\starter.xml
c:\users\Sid\AppData\Roaming\Taskmgr\taskmgr.exe
c:\users\Sid\AppData\Roaming\Taskmgr\user.js
c:\users\Sid\AppData\Roaming\Taskmgr\Web Data
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-02 do 2015-08-02 )))))))))))))))))))))))))))))))
.
.
2015-08-02 17:22 . 2015-08-02 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-02 16:38 . 2015-08-02 16:38 -------- d-----w- c:\users\Sid\AppData\Local\CrashDumps
2015-07-30 20:48 . 2015-07-30 20:48 -------- d-----w- C:\zoek
2015-07-27 13:54 . 2015-07-28 14:18 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 13:53 . 2015-07-27 13:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-27 13:53 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-27 13:53 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-27 13:53 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-24 13:00 . 2015-07-24 13:00 -------- d-----w- c:\programdata\ATI
2015-07-19 14:19 . 2015-07-19 14:19 -------- d-----w- c:\users\Sid\AppData\Roaming\AVG
2015-07-19 14:18 . 2015-07-19 14:18 -------- d-----w- c:\program files (x86)\AVG
2015-07-19 14:18 . 2015-07-19 14:18 -------- d-----w- c:\users\Sid\AppData\Local\Avg
2015-07-19 14:17 . 2015-07-19 14:21 -------- d-----w- c:\programdata\AVG
2015-07-19 14:17 . 2015-07-19 14:17 -------- d--h--w- c:\programdata\Common Files
2015-07-19 14:17 . 2015-07-19 14:18 -------- d-----w- c:\users\Sid\AppData\Roaming\PeaZip
2015-07-19 14:17 . 2015-07-19 14:17 -------- d-----w- c:\program files (x86)\PeaZip
2015-07-19 14:02 . 2015-07-19 14:02 -------- d-----w- c:\users\Sid\AppData\Local\Steam
2015-07-19 13:47 . 2015-07-19 13:51 -------- d-----w- c:\program files (x86)\Your Uninstaller 2008
2015-07-08 07:05 . 2015-07-08 07:05 -------- d-----w- c:\programdata\McAfee
2015-07-06 13:11 . 2015-05-09 03:27 98304 ----a-w- c:\windows\system32\wudriver.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-30 13:52 . 2015-02-14 14:46 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-19 13:59 . 2014-06-01 11:42 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-19 13:59 . 2014-06-01 11:42 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 02:08 . 2014-12-14 19:28 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-06-23 02:08 . 2014-12-14 19:28 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-06-23 02:08 . 2014-12-14 19:28 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1440592 ----a-w- c:\windows\system32\aticfx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1191320 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 11941000 ----a-w- c:\windows\system32\atidxx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 10087472 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 7927568 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-06-23 02:08 . 2014-12-14 19:28 8890576 ----a-w- c:\windows\system32\atiumd6a.dll
2015-06-23 02:08 . 2014-12-14 19:28 8786040 ----a-w- c:\windows\system32\atiumd64.dll
2015-06-23 01:58 . 2014-12-14 19:28 39712256 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-06-23 01:11 . 2014-12-14 19:28 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-06-23 01:10 . 2014-12-14 19:28 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-05-25 18:19 . 2015-07-06 13:16 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-07-06 13:16 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-07-06 13:16 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-06 14:54 . 2015-06-28 17:03 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-07-27 56080]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-05-02 884440]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-22 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys;c:\windows\SYSNATIVE\DRIVERS\l1c51x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-01 13:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Sid\AppData\Roaming\Mozilla\Firefox\Profiles\yok235fx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{F28E880D-EB49-10F7-4AC0-A5D2D4811F3D}_is1 - c:\program files (x86)\ESET PureFix v2.02 - Eset fix v3.3.8.1
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2015-08-02 19:51:41
ComboFix-quarantined-files.txt 2015-08-02 17:51
.
Před spuštěním: Volných bajtů: 21 276 971 008
Po spuštění: Volných bajtů: 20 662 743 040
.
- - End Of File - - B29742A21F490989DDC4E9BFD74E3E0D
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6861 [GMT 2:00]
Spuštěný z: c:\users\Sid\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sid\AppData\Roaming\steam_api.dlu
c:\users\Sid\AppData\Roaming\Taskmgr
c:\users\Sid\AppData\Roaming\Taskmgr\com.apple.Safari.plist
c:\users\Sid\AppData\Roaming\Taskmgr\klite.dat
c:\users\Sid\AppData\Roaming\Taskmgr\oldfilenotused
c:\users\Sid\AppData\Roaming\Taskmgr\Prefaddon
c:\users\Sid\AppData\Roaming\Taskmgr\Preferences
c:\users\Sid\AppData\Roaming\Taskmgr\Secure Preferences
c:\users\Sid\AppData\Roaming\Taskmgr\setting.dat
c:\users\Sid\AppData\Roaming\Taskmgr\starter.xml
c:\users\Sid\AppData\Roaming\Taskmgr\taskmgr.exe
c:\users\Sid\AppData\Roaming\Taskmgr\user.js
c:\users\Sid\AppData\Roaming\Taskmgr\Web Data
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-02 do 2015-08-02 )))))))))))))))))))))))))))))))
.
.
2015-08-02 17:22 . 2015-08-02 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-02 16:38 . 2015-08-02 16:38 -------- d-----w- c:\users\Sid\AppData\Local\CrashDumps
2015-07-30 20:48 . 2015-07-30 20:48 -------- d-----w- C:\zoek
2015-07-27 13:54 . 2015-07-28 14:18 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 13:53 . 2015-07-27 13:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-27 13:53 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-27 13:53 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-27 13:53 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-24 13:00 . 2015-07-24 13:00 -------- d-----w- c:\programdata\ATI
2015-07-19 14:19 . 2015-07-19 14:19 -------- d-----w- c:\users\Sid\AppData\Roaming\AVG
2015-07-19 14:18 . 2015-07-19 14:18 -------- d-----w- c:\program files (x86)\AVG
2015-07-19 14:18 . 2015-07-19 14:18 -------- d-----w- c:\users\Sid\AppData\Local\Avg
2015-07-19 14:17 . 2015-07-19 14:21 -------- d-----w- c:\programdata\AVG
2015-07-19 14:17 . 2015-07-19 14:17 -------- d--h--w- c:\programdata\Common Files
2015-07-19 14:17 . 2015-07-19 14:18 -------- d-----w- c:\users\Sid\AppData\Roaming\PeaZip
2015-07-19 14:17 . 2015-07-19 14:17 -------- d-----w- c:\program files (x86)\PeaZip
2015-07-19 14:02 . 2015-07-19 14:02 -------- d-----w- c:\users\Sid\AppData\Local\Steam
2015-07-19 13:47 . 2015-07-19 13:51 -------- d-----w- c:\program files (x86)\Your Uninstaller 2008
2015-07-08 07:05 . 2015-07-08 07:05 -------- d-----w- c:\programdata\McAfee
2015-07-06 13:11 . 2015-05-09 03:27 98304 ----a-w- c:\windows\system32\wudriver.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-30 13:52 . 2015-02-14 14:46 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-19 13:59 . 2014-06-01 11:42 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-19 13:59 . 2014-06-01 11:42 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 02:08 . 2014-12-14 19:28 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-06-23 02:08 . 2014-12-14 19:28 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-06-23 02:08 . 2014-12-14 19:28 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1440592 ----a-w- c:\windows\system32\aticfx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1191320 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 11941000 ----a-w- c:\windows\system32\atidxx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 10087472 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 7927568 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-06-23 02:08 . 2014-12-14 19:28 8890576 ----a-w- c:\windows\system32\atiumd6a.dll
2015-06-23 02:08 . 2014-12-14 19:28 8786040 ----a-w- c:\windows\system32\atiumd64.dll
2015-06-23 01:58 . 2014-12-14 19:28 39712256 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-06-23 01:11 . 2014-12-14 19:28 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-06-23 01:10 . 2014-12-14 19:28 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-05-25 18:19 . 2015-07-06 13:16 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-07-06 13:16 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-07-06 13:16 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-06 14:54 . 2015-06-28 17:03 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-07-27 56080]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-05-02 884440]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-22 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys;c:\windows\SYSNATIVE\DRIVERS\l1c51x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-01 13:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Sid\AppData\Roaming\Mozilla\Firefox\Profiles\yok235fx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{F28E880D-EB49-10F7-4AC0-A5D2D4811F3D}_is1 - c:\program files (x86)\ESET PureFix v2.02 - Eset fix v3.3.8.1
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2015-08-02 19:51:41
ComboFix-quarantined-files.txt 2015-08-02 17:51
.
Před spuštěním: Volných bajtů: 21 276 971 008
Po spuštění: Volných bajtů: 20 662 743 040
.
- - End Of File - - B29742A21F490989DDC4E9BFD74E3E0D
A36C5E4F47E84449FF07ED3517B43A31
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
Folder::
c:\programdata\AVG
c:\users\Sid\AppData\Local\Avg
c:\users\Sid\AppData\Roaming\AVG
Driver::
SkypeUpdate
RegLock::
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
====================================================
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
====================================================
Jsou tam zbytky po AVG, prožeň počítač ještě AVGRemoverem z odkazu níže:
http://download.avg.com/filedir/util/su ... 5_5501.exe
====================================================
Na Virustotal.com otestuj tyto soubor(y) a dodej odkaz(y)
c:\windows\SysWow64\DLLDEV32i.dll
Zkopíruj do něj následující celý text označený červeně:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
Folder::
c:\programdata\AVG
c:\users\Sid\AppData\Local\Avg
c:\users\Sid\AppData\Roaming\AVG
Driver::
SkypeUpdate
RegLock::
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
====================================================
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
====================================================
Jsou tam zbytky po AVG, prožeň počítač ještě AVGRemoverem z odkazu níže:
http://download.avg.com/filedir/util/su ... 5_5501.exe
====================================================
Na Virustotal.com otestuj tyto soubor(y) a dodej odkaz(y)
c:\windows\SysWow64\DLLDEV32i.dll
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Prosím o kontrolu logu
ComboFix 15-08-02.01 - Sid 02.08.2015 22:15:50.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6424 [GMT 2:00]
Spuštěný z: c:\users\Sid\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Sid\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVG
c:\programdata\AVG\AWL\AvgRep.xml
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\programdata\AVG\AWL0088C5E0E79A66869DEDDD5D7F219D49.xml
c:\programdata\AVG\AWL00CE347C4744394DB725CC85042C50CF.xml
c:\programdata\AVG\AWL00E7EB4E3B002BEF54F160B6239CD5B9.xml
c:\programdata\AVG\AWL2015\TTUSvc.tt
c:\programdata\AVG\AWL2015\TUProgRating.10.tudb
c:\programdata\AVG\AWL2015\TUReportData.10.tudb
c:\users\Sid\AppData\Local\Avg
c:\users\Sid\AppData\Local\Avg\AWL2015\log\avglng.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\avglng.log.lock
c:\users\Sid\AppData\Local\Avg\AWL2015\log\integrator.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\oneclick.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\oneclickstarter.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\settingcenter.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\sqldb.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tuinstallhelper.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tuneupsystemstatuscheck.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tupk.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tupk.log.lock
c:\users\Sid\AppData\Local\Avg\AWL2015\log\updatewizard.log
c:\users\Sid\AppData\Roaming\AVG
c:\users\Sid\AppData\Roaming\AVG\AWL2015\Dashboard\IntegratorStates_cs-CZ.xml
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-02 do 2015-08-02 )))))))))))))))))))))))))))))))
.
.
2015-08-02 20:35 . 2015-08-02 20:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-02 20:35 . 2015-08-02 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-02 16:38 . 2015-08-02 16:38 -------- d-----w- c:\users\Sid\AppData\Local\CrashDumps
2015-07-30 20:48 . 2015-07-30 20:48 -------- d-----w- C:\zoek
2015-07-27 13:54 . 2015-07-28 14:18 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 13:53 . 2015-07-27 13:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-27 13:53 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-27 13:53 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-27 13:53 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-24 13:00 . 2015-07-24 13:00 -------- d-----w- c:\programdata\ATI
2015-07-19 14:18 . 2015-07-19 14:18 -------- d-----w- c:\program files (x86)\AVG
2015-07-19 14:17 . 2015-07-19 14:17 -------- d--h--w- c:\programdata\Common Files
2015-07-19 14:17 . 2015-07-19 14:18 -------- d-----w- c:\users\Sid\AppData\Roaming\PeaZip
2015-07-19 14:17 . 2015-07-19 14:17 -------- d-----w- c:\program files (x86)\PeaZip
2015-07-19 14:02 . 2015-07-19 14:02 -------- d-----w- c:\users\Sid\AppData\Local\Steam
2015-07-19 13:47 . 2015-07-19 13:51 -------- d-----w- c:\program files (x86)\Your Uninstaller 2008
2015-07-08 07:05 . 2015-07-08 07:05 -------- d-----w- c:\programdata\McAfee
2015-07-06 13:11 . 2015-05-09 03:27 98304 ----a-w- c:\windows\system32\wudriver.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-30 13:52 . 2015-02-14 14:46 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-19 13:59 . 2014-06-01 11:42 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-19 13:59 . 2014-06-01 11:42 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 02:08 . 2014-12-14 19:28 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-06-23 02:08 . 2014-12-14 19:28 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-06-23 02:08 . 2014-12-14 19:28 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1440592 ----a-w- c:\windows\system32\aticfx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1191320 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 11941000 ----a-w- c:\windows\system32\atidxx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 10087472 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 7927568 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-06-23 02:08 . 2014-12-14 19:28 8890576 ----a-w- c:\windows\system32\atiumd6a.dll
2015-06-23 02:08 . 2014-12-14 19:28 8786040 ----a-w- c:\windows\system32\atiumd64.dll
2015-06-23 01:58 . 2014-12-14 19:28 39712256 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-06-23 01:11 . 2014-12-14 19:28 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-06-23 01:10 . 2014-12-14 19:28 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-05-25 18:19 . 2015-07-06 13:16 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-07-06 13:16 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-07-06 13:16 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-06 14:54 . 2015-06-28 17:03 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-07-27 56080]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-05-02 884440]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-22 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys;c:\windows\SYSNATIVE\DRIVERS\l1c51x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Sid\AppData\Roaming\Mozilla\Firefox\Profiles\yok235fx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{F28E880D-EB49-10F7-4AC0-A5D2D4811F3D}_is1 - c:\program files (x86)\ESET PureFix v2.02 - Eset fix v3.3.8.1
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\Raptr\raptr.exe
c:\progra~2\Raptr\raptr_im.exe
.
**************************************************************************
.
Celkový čas: 2015-08-02 23:09:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-02 21:08
ComboFix2.txt 2015-08-02 17:52
.
Před spuštěním: Volných bajtů: 20 739 289 088
Po spuštění: Volných bajtů: 20 422 094 848
.
- - End Of File - - 266FC47C1879073971F1A539F77A67F7
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6424 [GMT 2:00]
Spuštěný z: c:\users\Sid\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Sid\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVG
c:\programdata\AVG\AWL\AvgRep.xml
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\programdata\AVG\AWL0088C5E0E79A66869DEDDD5D7F219D49.xml
c:\programdata\AVG\AWL00CE347C4744394DB725CC85042C50CF.xml
c:\programdata\AVG\AWL00E7EB4E3B002BEF54F160B6239CD5B9.xml
c:\programdata\AVG\AWL2015\TTUSvc.tt
c:\programdata\AVG\AWL2015\TUProgRating.10.tudb
c:\programdata\AVG\AWL2015\TUReportData.10.tudb
c:\users\Sid\AppData\Local\Avg
c:\users\Sid\AppData\Local\Avg\AWL2015\log\avglng.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\avglng.log.lock
c:\users\Sid\AppData\Local\Avg\AWL2015\log\integrator.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\oneclick.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\oneclickstarter.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\settingcenter.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\sqldb.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tuinstallhelper.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tuneupsystemstatuscheck.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tupk.log
c:\users\Sid\AppData\Local\Avg\AWL2015\log\tupk.log.lock
c:\users\Sid\AppData\Local\Avg\AWL2015\log\updatewizard.log
c:\users\Sid\AppData\Roaming\AVG
c:\users\Sid\AppData\Roaming\AVG\AWL2015\Dashboard\IntegratorStates_cs-CZ.xml
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-02 do 2015-08-02 )))))))))))))))))))))))))))))))
.
.
2015-08-02 20:35 . 2015-08-02 20:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-02 20:35 . 2015-08-02 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-02 16:38 . 2015-08-02 16:38 -------- d-----w- c:\users\Sid\AppData\Local\CrashDumps
2015-07-30 20:48 . 2015-07-30 20:48 -------- d-----w- C:\zoek
2015-07-27 13:54 . 2015-07-28 14:18 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 13:53 . 2015-07-27 13:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-27 13:53 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-27 13:53 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-27 13:53 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-24 13:00 . 2015-07-24 13:00 -------- d-----w- c:\programdata\ATI
2015-07-19 14:18 . 2015-07-19 14:18 -------- d-----w- c:\program files (x86)\AVG
2015-07-19 14:17 . 2015-07-19 14:17 -------- d--h--w- c:\programdata\Common Files
2015-07-19 14:17 . 2015-07-19 14:18 -------- d-----w- c:\users\Sid\AppData\Roaming\PeaZip
2015-07-19 14:17 . 2015-07-19 14:17 -------- d-----w- c:\program files (x86)\PeaZip
2015-07-19 14:02 . 2015-07-19 14:02 -------- d-----w- c:\users\Sid\AppData\Local\Steam
2015-07-19 13:47 . 2015-07-19 13:51 -------- d-----w- c:\program files (x86)\Your Uninstaller 2008
2015-07-08 07:05 . 2015-07-08 07:05 -------- d-----w- c:\programdata\McAfee
2015-07-06 13:11 . 2015-05-09 03:27 98304 ----a-w- c:\windows\system32\wudriver.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-30 13:52 . 2015-02-14 14:46 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-19 13:59 . 2014-06-01 11:42 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-19 13:59 . 2014-06-01 11:42 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 02:08 . 2014-12-14 19:28 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-06-23 02:08 . 2014-12-14 19:28 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-06-23 02:08 . 2014-12-14 19:28 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1440592 ----a-w- c:\windows\system32\aticfx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 1191320 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 11941000 ----a-w- c:\windows\system32\atidxx64.dll
2015-06-23 02:08 . 2014-12-14 19:28 10087472 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-06-23 02:08 . 2014-12-14 19:28 7927568 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-06-23 02:08 . 2014-12-14 19:28 8890576 ----a-w- c:\windows\system32\atiumd6a.dll
2015-06-23 02:08 . 2014-12-14 19:28 8786040 ----a-w- c:\windows\system32\atiumd64.dll
2015-06-23 01:58 . 2014-12-14 19:28 39712256 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-06-23 01:11 . 2014-12-14 19:28 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-06-23 01:10 . 2014-12-14 19:28 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-05-25 18:19 . 2015-07-06 13:16 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-07-06 13:16 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-07-06 13:16 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-07-06 13:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-06 14:54 . 2015-06-28 17:03 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-07-27 56080]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-05-02 884440]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-22 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys;c:\windows\SYSNATIVE\DRIVERS\l1c51x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Sid\AppData\Roaming\Mozilla\Firefox\Profiles\yok235fx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{F28E880D-EB49-10F7-4AC0-A5D2D4811F3D}_is1 - c:\program files (x86)\ESET PureFix v2.02 - Eset fix v3.3.8.1
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\Raptr\raptr.exe
c:\progra~2\Raptr\raptr_im.exe
.
**************************************************************************
.
Celkový čas: 2015-08-02 23:09:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-02 21:08
ComboFix2.txt 2015-08-02 17:52
.
Před spuštěním: Volných bajtů: 20 739 289 088
Po spuštění: Volných bajtů: 20 422 094 848
.
- - End Of File - - 266FC47C1879073971F1A539F77A67F7
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o kontrolu logu
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-08-02 23:13:58
-----------------------------
23:13:58.194 OS Version: Windows x64 6.1.7601 Service Pack 1
23:13:58.194 Number of processors: 2 586 0x603
23:13:58.194 ComputerName: SID-PC UserName: Sid
23:13:58.708 Initialize success
23:13:58.755 VM: initialized successfully
23:13:58.755 VM: Amd CPU BiosDisabled
23:14:03.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:14:03.072 Disk 0 Vendor: WDC_WD3200AAKS-00L6A0 01.03E01 Size: 305245MB BusType: 3
23:14:03.088 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
23:14:03.088 Disk 1 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
23:14:03.088 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006b
23:14:03.104 Disk 2 Vendor: WDC_WD12 08.0 Size: 114473MB BusType: 8
23:14:03.119 Disk 0 MBR read successfully
23:14:03.135 Disk 0 MBR scan
23:14:03.135 Disk 0 Windows 7 default MBR code
23:14:03.135 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
23:14:03.150 Disk 0 Boot: NTFS code=2
23:14:03.150 Disk 0 Partition - 00 0F Extended LBA 205236 MB offset 204796620
23:14:03.182 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 205236 MB offset 204796683
23:14:03.182 Disk 0 scanning C:\Windows\system32\drivers
23:14:09.406 Service scanning
23:14:19.624 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:14:22.916 Modules scanning
23:14:22.931 Disk 0 trace - called modules:
23:14:22.947 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069fd2c0]<<spaq.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:14:22.962 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a8a060]
23:14:22.962 3 CLASSPNP.SYS[fffff88001bb343f] -> nt!IofCallDriver -> [0xfffffa80078b0580]
23:14:22.962 5 ACPI.sys[fffff88000f6b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80078b2060]
23:14:22.978 \Driver\atapi[0xfffffa8007847280] -> IRP_MJ_CREATE -> 0xfffffa80069fd2c0
23:14:22.978 Disk 0 statistics 101483/0/0 @ 9,21 MB/s
23:14:22.978 Scan finished successfully
23:14:36.800 Disk 0 MBR has been saved successfully to "C:\Users\Sid\Desktop\MBR.dat"
23:14:36.831 The log file has been saved successfully to "C:\Users\Sid\Desktop\aswMBR.txt"
Run date: 2015-08-02 23:13:58
-----------------------------
23:13:58.194 OS Version: Windows x64 6.1.7601 Service Pack 1
23:13:58.194 Number of processors: 2 586 0x603
23:13:58.194 ComputerName: SID-PC UserName: Sid
23:13:58.708 Initialize success
23:13:58.755 VM: initialized successfully
23:13:58.755 VM: Amd CPU BiosDisabled
23:14:03.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:14:03.072 Disk 0 Vendor: WDC_WD3200AAKS-00L6A0 01.03E01 Size: 305245MB BusType: 3
23:14:03.088 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
23:14:03.088 Disk 1 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
23:14:03.088 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006b
23:14:03.104 Disk 2 Vendor: WDC_WD12 08.0 Size: 114473MB BusType: 8
23:14:03.119 Disk 0 MBR read successfully
23:14:03.135 Disk 0 MBR scan
23:14:03.135 Disk 0 Windows 7 default MBR code
23:14:03.135 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
23:14:03.150 Disk 0 Boot: NTFS code=2
23:14:03.150 Disk 0 Partition - 00 0F Extended LBA 205236 MB offset 204796620
23:14:03.182 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 205236 MB offset 204796683
23:14:03.182 Disk 0 scanning C:\Windows\system32\drivers
23:14:09.406 Service scanning
23:14:19.624 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:14:22.916 Modules scanning
23:14:22.931 Disk 0 trace - called modules:
23:14:22.947 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069fd2c0]<<spaq.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:14:22.962 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a8a060]
23:14:22.962 3 CLASSPNP.SYS[fffff88001bb343f] -> nt!IofCallDriver -> [0xfffffa80078b0580]
23:14:22.962 5 ACPI.sys[fffff88000f6b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80078b2060]
23:14:22.978 \Driver\atapi[0xfffffa8007847280] -> IRP_MJ_CREATE -> 0xfffffa80069fd2c0
23:14:22.978 Disk 0 statistics 101483/0/0 @ 9,21 MB/s
23:14:22.978 Scan finished successfully
23:14:36.800 Disk 0 MBR has been saved successfully to "C:\Users\Sid\Desktop\MBR.dat"
23:14:36.831 The log file has been saved successfully to "C:\Users\Sid\Desktop\aswMBR.txt"
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Vlož nový log z HJT + informuj o problémech.
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Vlož nový log z HJT + informuj o problémech.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:25, on 3.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
FIREFOX: 39.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\Sid\Desktop\DesktopOK.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Sid\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7980 bytes
Problémy zatím nevidím. Děkuju za trpělivost.
Scan saved at 13:53:25, on 3.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
FIREFOX: 39.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\Sid\Desktop\DesktopOK.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Sid\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7980 bytes
Problémy zatím nevidím. Děkuju za trpělivost.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu Vyřešeno
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 77 hostů