Log and PC check [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

shearer79
Level 2
Posts: 152
Registered: January 09
Gender: Male
Status: Offline

Re: Log and PC check

Post by shearer79 » 03 Aug 2015 10:47

OK, MBAM is just finishing; I'll add the rest afterwards.


Re: Log and PC check

Post by shearer79 » 03 Aug 2015 10:56

MBAM: 0 detected

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 3.8.2015
Čas skenování: 10:27
Protokol: MBAM.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.03.01
Databáze rootkitů: v2015.07.30.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: KAJA

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 351634
Uplynulý čas: 26 min, 43 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


Re: Log and PC check

Post by shearer79 » 03 Aug 2015 11:21

Last log, Rogue... performance still at 100%

RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : KAJA [Práva správce]
Started from : C:\Users\KAJA\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 08/03/2015 11:12:45

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bd0002 (system32\DRIVERS\bd0002.sys) -> Nalezeno
[PUP|Suspicious.Path|Keylogger] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bd0002 (system32\DRIVERS\bd0002.sys) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bd0002 (system32\DRIVERS\bd0002.sys) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BDMWrench_x64 (system32\DRIVERS\BDMWrench_x64.sys) -> Nalezeno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 213.46.172.36 213.46.172.37 ([CZECH REPUBLIC (CZ)][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 910021828ca74b5f397a84def8ec3525
[BSP] 87b1c455795cf148ceb5af642eb58b8c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 304842 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Re: Log and PC check

Post by shearer79 » 03 Aug 2015 11:23

Should I delete anything in Rogue?

jaro3
Security team member
Guru Level 15
Posts: 43292
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log and PC check

Post by jaro3 » 03 Aug 2015 19:28

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan" ("Prohledat"); once it has finished:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
(you have to tick the box to the left of each registry entry etc. with the mouse)

- Click "Delete" ("Smazat")
- Wait until the Status box shows "Deleting finished" ("Mazání dokončeno")
- Click "Report" ("Zpráva") and copy and paste the contents of that report here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller

Turn off your antivirus and firewall.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart you may see only a black desktop for a while; that is normal. You need to wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes ("Ano")
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Log and PC check

Post by shearer79 » 04 Aug 2015 11:15

Rogue log

RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : KAJA [Práva správce]
Started from : C:\Users\KAJA\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 08/04/2015 11:08:15

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bd0002 (system32\DRIVERS\bd0002.sys) -> Nalezeno
[PUP|Suspicious.Path|Keylogger] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bd0002 (system32\DRIVERS\bd0002.sys) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bd0002 (system32\DRIVERS\bd0002.sys) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BDMWrench_x64 (system32\DRIVERS\BDMWrench_x64.sys) -> Nalezeno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 213.46.172.36 213.46.172.37 ([CZECH REPUBLIC (CZ)][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 910021828ca74b5f397a84def8ec3525
[BSP] 87b1c455795cf148ceb5af642eb58b8c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 304842 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Re: Log and PC check

Post by shearer79 » 04 Aug 2015 12:26

log


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by KAJA on út 04.08.2015 at 11:17:06,44.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KAJA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4.8.2015 11:18:18 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\ioloGovernor deleted successfully
C:\Users\KAJA\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\KAJA\AppData\Local\EmieSiteList deleted successfully
C:\Users\KAJA\AppData\Local\EmieUserList deleted successfully
C:\Users\KAJA\AppData\Local\Secunia PSI deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Chromium Look ======================


==== Chromium Startpages ======================

C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KAJA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=1 1131 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\KAJA\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KAJA\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on út 04.08.2015 at 12:13:05,16 ======================


Re: Log and PC check

Post by shearer79 » 04 Aug 2015 13:56

Combo log

ComboFix 15-08-03.01 - KAJA 04.08.2015 12:43:58.1.1 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2937.1115 [GMT 2:00]
Spuštěný z: c:\users\KAJA\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-04 do 2015-08-04 )))))))))))))))))))))))))))))))
.
.
2015-08-04 11:33 . 2015-08-04 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-04 09:45 . 2015-08-04 09:16 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-04 09:45 . 2015-08-04 11:37 -------- d-----w- c:\users\KAJA\AppData\Local\Temp
2015-08-04 09:16 . 2015-08-04 09:40 -------- d-----w- C:\zoek_backup
2015-08-03 09:24 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{897D19E6-32A8-41CE-A56E-235E155DB5AA}\mpengine.dll
2015-08-03 08:57 . 2015-08-04 08:58 -------- d-----w- c:\programdata\RogueKiller
2015-08-03 08:14 . 2015-08-03 08:14 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-02 20:12 . 2015-08-02 20:12 -------- d-----w- c:\users\KAJA\AppData\Local\CEF
2015-08-02 20:08 . 2015-08-02 20:12 -------- d-----w- c:\users\KAJA\AppData\Local\Adobe
2015-08-02 19:52 . 2015-08-02 19:52 -------- d-----w- c:\program files (x86)\Secunia
2015-08-02 19:01 . 2015-08-03 08:12 -------- d-----w- C:\AdwCleaner
2015-08-02 08:13 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-29 06:21 . 2015-07-29 06:21 -------- d-----w- C:\809ec74dcd5ce2a484
2015-07-24 08:16 . 2015-07-24 08:16 -------- d-----w- c:\program files (x86)\AAC Player
2015-07-24 08:13 . 2015-07-24 08:13 -------- d-----w- c:\users\KAJA\AppData\Roaming\IsolatedStorage
2015-07-24 08:08 . 2015-07-24 08:08 -------- d-----w- C:\Spacekace
2015-07-18 07:01 . 2015-07-01 09:33 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D71AF8F2-5F96-410F-8CE9-1499B1C9AFA9}\gapaengine.dll
2015-07-06 19:07 . 2015-07-06 19:07 -------- d-----w- C:\38cfb5a85c6a9e4ce7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-04 08:59 . 2015-06-29 22:20 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-03 08:27 . 2014-07-23 20:59 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-02 22:40 . 2015-06-23 07:30 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-02 22:40 . 2015-06-23 07:30 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-01 09:33 . 2014-12-18 11:24 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-07-01 09:07 . 2015-07-01 09:07 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2015-06-21 08:35 . 2015-02-27 15:40 73728 ----a-w- c:\windows\SysWow64\tasks.dll
2015-06-18 06:41 . 2014-07-23 20:58 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-07-23 20:58 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-07-23 20:58 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-01 19:16 . 2015-06-23 08:00 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-23 08:00 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-26 22:04 . 2014-07-23 20:19 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:24 . 2015-06-23 08:05 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-23 08:05 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-23 08:05 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-23 08:05 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-23 08:05 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-23 08:05 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-23 08:04 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-23 08:05 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-23 08:05 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-23 08:05 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-23 08:05 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-23 08:05 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-23 08:05 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-23 08:04 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-23 08:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-23 08:05 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-23 08:04 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-23 08:04 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-23 08:05 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-23 08:05 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-23 08:05 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-23 08:04 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-23 08:05 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-23 08:05 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-23 08:05 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:19 . 2015-06-23 08:05 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:18 . 2015-06-23 08:05 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-23 08:04 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-23 08:05 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-23 08:05 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-23 08:05 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-23 08:05 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-23 08:05 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-23 08:05 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-23 08:05 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-23 08:05 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-23 08:04 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-23 08:05 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-23 08:05 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-23 08:04 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-23 08:04 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-23 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-23 08:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-23 08:05 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-23 08:05 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-23 08:05 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-23 08:05 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-23 08:05 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-23 08:05 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-23 08:05 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-23 08:04 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-23 08:05 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-23 08:05 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-23 08:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-23 08:05 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-23 08:04 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-23 08:05 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-23 08:05 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-23 08:04 17408 ----a-w- c:\windows\SysWow64\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2014-11-28 591576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-02 17:16 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23 22:40]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02 17:14]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02 17:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-29 1794856]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Search_URL = 68007400740070003a002f002f007700770077002e006d006900630072006f0073006f00660074002e0063006f006d002f00690073006100700069002f00720065006400690072002e0064006c006c003f007000720064003d00690065002600610072003d00690065007300650061007200630068000000
mDefault_Page_URL = 68007400740070003a002f002f007700770077002e006d006900630072006f0073006f00660074002e0063006f006d002f00690073006100700069002f00720065006400690072002e0064006c006c003f007000720064003d0069006500260070007600650072003d0036002600610072003d006d0073006e0068006f006d0065000000
mSearch Page = 68007400740070003a002f002f0067006f002e006d006900630072006f0073006f00660074002e0063006f006d002f00660077006c0069006e006b002f003f004c0069006e006b00490064003d00350034003800390036000000
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.88.1.2 10.89.1.2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - (no file)
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Celkový čas: 2015-08-04 13:43:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-04 11:43
.
Před spuštěním: Volných bajtů: 272 742 719 488
Po spuštění: Volných bajtů: 272 474 533 888
.
- - End Of File - - 2E9303F62A59C796FDCF4DEC134D2EA3
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43292
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log and PC check

Post by jaro3 » 04 Aug 2015 15:40

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Scan" (Prohledat); once it finishes:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
(you have to use the mouse to tick the box to the left of the registry entry, etc.)

- Click "Delete" (Smazat)
- Wait until the Status box shows "Deleting finished" (Mazání dokončeno)
- Click "Report" (Zpráva) and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

In Folder Options, enable showing hidden files and folders, and untick the "Hide protected operating system files" checkbox.

Test this on VirusTotal:
c:\windows\SysWow64\mfc45.dat

Click Choose (Vybrat) to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus test finishes, the result appears at the top, with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

shearer79
Level 2
Posts: 152
Registered: January 09
Gender: Male
Status: Offline

Re: Log and PC check

Post by shearer79 » 04 Aug 2015 16:07

RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : KAJA [Práva správce]
Started from : C:\Users\KAJA\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 08/04/2015 15:59:53

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.88.1.2 10.89.1.2 ([X][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 10.88.1.2 10.89.1.2 ([(Private Address) (XX)][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 10.88.1.2 10.89.1.2 ([X][(Private Address) (XX)]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhostSmazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 910021828ca74b5f397a84def8ec3525
[BSP] 87b1c455795cf148ceb5af642eb58b8c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 304842 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

shearer79
Level 2
Posts: 152
Registered: January 09
Gender: Male
Status: Offline

Re: Log and PC check

Post by shearer79 » 04 Aug 2015 16:47

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-08-04 16:21:34
-----------------------------
16:21:34.062 OS Version: Windows x64 6.1.7601 Service Pack 1
16:21:34.062 Number of processors: 1 586 0x170A
16:21:34.064 ComputerName: KAJA-PC UserName: KAJA
16:21:34.997 Initialize success
16:21:35.046 VM: initialized successfully
16:21:35.048 VM: Intel CPU virtualization not supported
16:21:46.550 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:21:46.558 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
16:21:46.690 Disk 0 MBR read successfully
16:21:46.694 Disk 0 MBR scan
16:21:46.699 Disk 0 Windows 7 default MBR code
16:21:46.715 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
16:21:46.721 Disk 0 Boot: NTFS code=2
16:21:46.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304842 MB offset 821248
16:21:46.760 Disk 0 scanning C:\Windows\system32\drivers
16:21:52.835 Service scanning
16:22:16.853 Modules scanning
16:22:16.867 Disk 0 trace - called modules:
16:22:17.237 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys
16:22:17.244 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ee5060]
16:22:17.252 3 CLASSPNP.SYS[fffff88001b3843f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8002ee2060]
16:22:17.260 5 thpdrv.sys[fffff8800144ecc0] -> nt!IofCallDriver -> [0xfffffa8002d37e40]
16:22:17.269 7 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8002d36050]
16:22:17.277 Disk 0 statistics 97192/0/0 @ 8,50 MB/s
16:22:17.286 Scan finished successfully
16:22:34.338 Disk 0 MBR has been saved successfully to "C:\Users\KAJA\Desktop\MBR.dat"
16:22:34.350 The log file has been saved successfully to "C:\Users\KAJA\Desktop\aswMBR.txt"

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-08-04 16:23:59
-----------------------------
16:23:59.375 OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:59.375 Number of processors: 1 586 0x170A
16:23:59.375 ComputerName: KAJA-PC UserName: KAJA
16:24:00.030 Initialize success
16:24:00.030 VM: initialized successfully
16:24:00.046 VM: Intel CPU virtualization not supported
16:24:03.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:24:03.677 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
16:24:03.818 Disk 0 MBR read successfully
16:24:03.818 Disk 0 MBR scan
16:24:03.833 Disk 0 Windows 7 default MBR code
16:24:03.849 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
16:24:03.849 Disk 0 Boot: NTFS code=2
16:24:03.880 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304842 MB offset 821248
16:24:03.958 Disk 0 scanning C:\Windows\system32\drivers
16:24:04.005 Scanning: C:\Windows\system32\drivers\1394bus.sys
16:24:07.016 Disk 0 statistics 1842/0/0 @ 2,87 MB/s
16:24:07.016 Scan stopped
16:24:20.057 Disk 0 MBR has been saved successfully to "C:\Users\KAJA\Desktop\MBR.dat"
16:24:20.057 The log file has been saved successfully to "C:\Users\KAJA\Desktop\aswMBR.txt"

shearer79
Level 2
Posts: 152
Registered: January 09
Gender: Male
Status: Offline

Re: Log and PC check

Post by shearer79 » 04 Aug 2015 17:47


