Hello,
please check my log.
Despite all warnings, my son kept downloading various games on his PC, and system windows of the cmd.exe process started flashing repeatedly on his desktop.
The computer was almost unusable, slowed down, and heated up unusually.
Thank you in advance for your help.
Nancy
HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:42:06, on 6.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
FIREFOX: 39.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Users\Domácí\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: inet32g.exe
O4 - Startup: ntchk32.exe
O4 - Startup: winupd32c.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iWinTrusted - Unknown owner - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Death to Spies Drivers Auto Removal (pr2apc6b) (pr2apc6b) - Unknown owner - C:\Windows\system32\pr2apc6b.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8241 bytes
I ran some scans and then made the HijackThis log.
TFC - after the run things improved; after a restart everything happened again.
AdwCleaner by Xplode
# AdwCleaner v4.208 - Log vytvořen 06/08/2015 v 19:33:59
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-08-01.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Domácí - DOMÁCÍ-PC
# Spuštěno z : C:\Users\Domácí\Desktop\AdwCleaner.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Mozilla Firefox v39.0 (x86 cs)
-\\ Google Chrome v44.0.2403.125
-\\ Opera v31.0.1889.99
*************************
AdwCleaner[R0].txt - [6153 bytů] - [06/08/2015 16:13:22]
AdwCleaner[R1].txt - [6211 bytů] - [06/08/2015 17:21:05]
AdwCleaner[R2].txt - [381 bytů] - [06/08/2015 17:33:52]
AdwCleaner[R3].txt - [1057 bytů] - [06/08/2015 19:30:39]
AdwCleaner[S0].txt - [5670 bytů] - [06/08/2015 17:28:01]
AdwCleaner[S1].txt - [984 bytů] - [06/08/2015 19:33:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1041 bytů] ##########
Scan with Malwarebytes.
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 6.8.2015
Čas skenování: 20:01
Protokol: Log_3malwarebytes.txt
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.08.06.06
Databáze rootkitů: v2015.08.04.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Domácí
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 357337
Uplynulý čas: 22 min, 38 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
PUP.Optional.Multiplug, C:\Users\Domácí\Downloads\Spore Game (1).zip, , [544aad584348ee48fb64a22ab34ef60a],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Log check - the cmd.exe system window keeps popping up on the desktop [Solved]
Last edited by Orcus on 06 Aug 2015 21:45, edited 1 time in total.
Reason: Spoilers removed. :-)
- Orcus
- Security team member
- Elite Level 10.5
- Posts: 10645
- Registered: April 10
- Location: Three roses grow around =o)
- Status: Offline
Re: Log check - the cmd.exe system window keeps popping up
Hi,
please don't put logs in spoilers.
- Run MbAM again and choose "Scan Now"
- When the program finishes, a prompt appears; click "Quarantine All (delete selected)" and then "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.
====================================================
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears, which is saved on the desktop.
Please copy its entire contents here.
====================================================
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.
Love keeps you warm, but coal is coal.
Put HJT logs in the HJT section. If a log is too long, split it into multiple messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Log check - the cmd.exe system window keeps popping up on the desktop
The note about spoilers is taken on board.
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 6.8.2015
Čas skenování: 22:48
Protokol: Log_malwarebytes4.txt
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.08.06.06
Databáze rootkitů: v2015.08.04.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Domácí
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 357381
Uplynulý čas: 20 min, 41 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dom cˇ on źt 06.08.2015 at 23:16:35,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Users\Dom cˇ\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\Dom cˇ\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Users\Dom cˇ\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\statfoobar
Successfully deleted: [Folder] C:\Windows\SysWOW64\amd64
Successfully deleted: [Folder] C:\Windows\SysWOW64\x86
~~~ FireFox
Emptied folder: C:\Users\Dom cˇ\AppData\Roaming\mozilla\firefox\profiles\5cas14th.default-1437122688180\minidumps [1 files]
~~~ Chrome
[C:\Users\Dom cˇ\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Dom cˇ\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Dom cˇ\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Dom cˇ\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
ogminpmldncgcmokldnmmapddoccmhfl
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 06.08.2015 at 23:25:05,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Domácí [Práva správce]
Started from : C:\Users\Domácí\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 08/06/2015 23:37:47
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{358C878F-D390-46A2-9F71-6E85342CEB23} | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{358C878F-D390-46A2-9F71-6E85342CEB23} | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{358C878F-D390-46A2-9F71-6E85342CEB23} | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nalezeno
¤¤¤ Úlohy : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\MyCoach.job -- c:\programdata\{8d269725-eb40-f887-8d26-69725eb45c97}\blackhole free download.exe (--startup=1 --single) -> Nalezeno
[Suspicious.Path] %WINDIR%\Tasks\SunRun.job -- c:\programdata\{ca30efd0-0bac-18c3-ca30-0efd00babf40}\spore game.exe (--startup=1 --single) -> Nalezeno
[Suspicious.Path] \MyCoach -- c:\programdata\{8d269725-eb40-f887-8d26-69725eb45c97}\blackhole free download.exe (--startup=1 --single) -> Nalezeno
[Suspicious.Path] \SunRun -- c:\programdata\{ca30efd0-0bac-18c3-ca30-0efd00babf40}\spore game.exe (--startup=1 --single) -> Nalezeno
¤¤¤ Soubory : 2 ¤¤¤
[Suspicious.Path|Suspicious.Startup|VT.HEUR:Trojan.Win32.Generic][Soubor] C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inet32g.exe -> Nalezeno
[Suspicious.Path|Suspicious.Startup|VT.HEUR:Trojan.Win32.Generic][Soubor] C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd32c.exe -> Nalezeno
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUP][FIREFX:Addon] 5cas14th.default-1437122688180 : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD321KJ ATA Device +++++
--- User ---
[MBR] 1d5719f9ddd28d58e7f65baeb3c053e6
[BSP] 7ef033ea6408f35490ad33c08e536a06 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Log check - the cmd.exe system window keeps popping up on the desktop
O4 - Startup: inet32g.exe
O4 - Startup: ntchk32.exe
O4 - Startup: winupd32c.exe
we'll fix these later..
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vypni antivir i firewall.
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart you may see only a black desktop for a while; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log and let us know about any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check - the cmd.exe system window keeps popping up on the desktop
Problems:
- windows keep popping up: application error, interaction at address ....
- the browsers don't work (Chrome, Explorer, Firefox) - during the RK check I also ticked the box for web browsers and it found "something" there - was that a mistake, or am I wrong?
- the computer is slower, it is constantly crunching away at something and the cooling kicks in hard at short intervals
P.S. I'd also like to ask how to get rid of ads in general and of pop-up windows with ads - block pop-ups?
None of this used to happen, and I have no idea what all my son "sorted out" and what he dragged onto the PC :roll
===============================================================================================================
edit:
- I restarted the PC once more and the browsers work
- in Chrome's extensions I disabled some monstrosity called BlockIt Ad remover and the ads disappeared
- the crunching stopped and the frantic fan calmed down
==============================================================================================================
RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Domácí [Práva správce]
Started from : C:\Users\Domácí\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 08/07/2015 11:43:51
¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] DismHost.exe(8908) -- C:\Windows\Temp\1195B5FE-E367-4E05-8976-EEDBC5D4C7A8\DismHost.exe[x] -> Zastaveno [TermThr]
[Suspicious.Path|VT.HEUR:Trojan.Win32.Generic] inet32g.exe(2960) -- C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inet32g.exe[-] -> Zastaveno [TermProc]
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{358C878F-D390-46A2-9F71-6E85342CEB23} | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{358C878F-D390-46A2-9F71-6E85342CEB23} | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{358C878F-D390-46A2-9F71-6E85342CEB23} | DhcpNameServer : 10.100.1.234 8.8.8.8 ([(Private Address) (XX)][-]) -> Nahrazeno ()
¤¤¤ Úlohy : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\MyCoach.job -- c:\programdata\{8d269725-eb40-f887-8d26-69725eb45c97}\blackhole free download.exe (--startup=1 --single) -> Smazáno
[Suspicious.Path] %WINDIR%\Tasks\SunRun.job -- c:\programdata\{ca30efd0-0bac-18c3-ca30-0efd00babf40}\spore game.exe (--startup=1 --single) -> Smazáno
[Suspicious.Path] \MyCoach -- c:\programdata\{8d269725-eb40-f887-8d26-69725eb45c97}\blackhole free download.exe (--startup=1 --single) -> Smazáno
[Suspicious.Path] \SunRun -- c:\programdata\{ca30efd0-0bac-18c3-ca30-0efd00babf40}\spore game.exe (--startup=1 --single) -> ERROR [0]
¤¤¤ Soubory : 2 ¤¤¤
[Suspicious.Path|Suspicious.Startup|VT.HEUR:Trojan.Win32.Generic][Soubor] C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inet32g.exe -> Smazáno
[Suspicious.Path|Suspicious.Startup|VT.HEUR:Trojan.Win32.Generic][Soubor] C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd32c.exe -> Smazáno
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUP][FIREFX:Addon] 5cas14th.default-1437122688180 : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Dom cˇ on p 07.08.2015 at 11:53:48,95.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\DOMC~1\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
7.8.2015 11:58:28 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\duke3d deleted successfully
C:\PROGRA~2\NewGen deleted successfully
C:\PROGRA~2\StrengthPlus deleted successfully
C:\PROGRA~2\TampaEdit deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\DOMC~1\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\prefs.js:
Added to C:\Users\DOMC~1\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\duke3d not found
C:\PROGRA~2\NewGen not found
C:\PROGRA~2\StrengthPlus not found
C:\PROGRA~2\TampaEdit not found
C:\PROGRA~2\SystemHelp deleted
C:\PROGRA~2\Bitly Unleash the power of the link deleted
C:\PROGRA~2\Stylish Themes Stylish Theming Gallery App deleted
C:\found.000 deleted
C:\Users\Public\inject.exe deleted
C:\Users\Public\RegSetup.exe deleted
C:\Users\Public\STARTW.EXE deleted
C:\Users\Public\uhcls.exe deleted
C:\Users\Public\unpack.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\DOMC~1\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=11 folders=5 2712241 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:26, on 7.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
FIREFOX: 39.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntchk32.exe
C:\Users\Domácí\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: ntchk32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iWinTrusted - Unknown owner - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Death to Spies Drivers Auto Removal (pr2apc6b) (pr2apc6b) - Unknown owner - C:\Windows\system32\pr2apc6b.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8372 bytes
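The HijackThis log above still shows ntchk32.exe running from the per-user Startup folder, although the RogueKiller report lists inet32g.exe and winupd32c.exe as deleted from that same folder. As an added example that is not part of the original posts, the Python below cross-checks the two logs for Startup-folder executables that survived the cleanup; the sample lines are excerpted from the logs above and the function names are illustrative.

```python
import re
from ntpath import basename  # applies Windows path rules on any host OS

# Lines excerpted from the 7.8.2015 HijackThis log in the post above.
HJT_SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntchk32.exe
C:\Users\Domácí\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Startup: ntchk32.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
"""

# Lines excerpted from the RogueKiller report in the same post.
RK_SAMPLE = r"""¤¤¤ Soubory : 2 ¤¤¤
[Suspicious.Path|Suspicious.Startup|VT.HEUR:Trojan.Win32.Generic][Soubor] C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inet32g.exe -> Smazáno
[Suspicious.Path|Suspicious.Startup|VT.HEUR:Trojan.Win32.Generic][Soubor] C:\Users\Domácí\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd32c.exe -> Smazáno
"""

STARTUP_DIR = "\\start menu\\programs\\startup\\"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - Startup: x.exe"
RK_FILE_RE = re.compile(r"\]\s+([A-Za-z]:\\.+?)\s+->\s+(\S+)")  # "[tags] <path> -> <status>"


def parse_hjt(text):
    """Return (running process paths, [(section code, detail), ...])."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def startup_findings(hjt_text):
    """Map each Startup-folder executable to the evidence seen for it."""
    processes, entries = parse_hjt(hjt_text)
    found = {}
    for path in processes:
        if STARTUP_DIR in path.lower():
            found.setdefault(basename(path).lower(), set()).add("running")
    for code, detail in entries:
        if code == "O4" and detail.startswith(("Startup:", "Global Startup:")):
            # Shortcut entries look like "name.lnk = target"; keep the name part.
            target = detail.split(":", 1)[1].split(" = ")[0].strip()
            found.setdefault(basename(target).lower(), set()).add("autostart")
    return {name: sorted(evidence) for name, evidence in found.items()}


def rk_deleted_startup(rk_text):
    """Startup-folder files the RogueKiller report marks as deleted.

    "Smazáno" is the status string for a deleted item in the Czech report above.
    """
    deleted = set()
    for line in rk_text.splitlines():
        match = RK_FILE_RE.search(line)
        if match and match.group(2) == "Smazáno" and STARTUP_DIR in match.group(1).lower():
            deleted.add(basename(match.group(1)).lower())
    return deleted


def survivors(hjt_text, rk_text):
    """Startup-folder executables in the later HJT log that RogueKiller did not delete."""
    return sorted(set(startup_findings(hjt_text)) - rk_deleted_startup(rk_text))


if __name__ == "__main__":
    for name, evidence in startup_findings(HJT_SAMPLE).items():
        print(f"{name}: {', '.join(evidence)}")
    print("removed earlier:", sorted(rk_deleted_startup(RK_SAMPLE)))
    print("still present:", survivors(HJT_SAMPLE, RK_SAMPLE))
```

An executable that is both running and registered as an autostart entry from the Startup folder after a removal pass is the item to clean up next.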
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Death to Spies Drivers Auto Removal (pr2apc6b) (pr2apc6b) - Unknown owner - C:\Windows\system32\pr2apc6b.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8372 bytes
- jaro3
- member of the Security team
Re: Log check - the cmd.exe system window keeps popping up on the desktop
Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide
Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: ntchk32.exe
Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in safe mode.
Warning: After applying ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check - the cmd.exe system window keeps popping up on the desktop
Everything went smoothly, without the complications described.
After the procedure (I hope I did everything correctly) I don't see any problems so far.
If that is all, I will mark the topic as closed once you have checked the ComboFix log.
Thank you both for your help.
I will definitely contribute to the running of the forum. I'll then take it out of my son's pocket money
He should know that stupidity has its price
ComboFix 15-08-06.01 - Domácí 07.08.2015 15:44:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.979 [GMT 2:00]
Spuštěný z: c:\users\DomßcÝ\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Domácí\AppData\Roaming\Temp\161A9F8B42934981956F431674A5F72A\Opera_NI_stable.exe
c:\users\Domácí\AppData\Roaming\Temp\F4E7ADEC593448FE8F282CFAA880C189\PCTU-CS-1-day-2200632.exe
c:\users\Public\System
c:\users\Public\System\00000409.016
c:\users\Public\System\00000409.256
c:\users\Public\System\00000c0a.016
c:\users\Public\System\00000c0a.256
c:\users\Public\System\Core.dll
c:\users\Public\System\Core.int
c:\users\Public\System\D3DDrv.dll
c:\users\Public\System\D3DDrv.int
c:\users\Public\System\Default.ini
c:\users\Public\System\DefUser.ini
c:\users\Public\System\Dobby.int
c:\users\Public\System\Editor.dll
c:\users\Public\System\Editor.int
c:\users\Public\System\Engine.dll
c:\users\Public\System\Engine.int
c:\users\Public\System\Fire.dll
c:\users\Public\System\Galaxy.dll
c:\users\Public\System\Galaxy.int
c:\users\Public\System\HP.exe
c:\users\Public\System\hp.ico
c:\users\Public\System\HP.int
c:\users\Public\System\hpcredits.int
c:\users\Public\System\hpdialog.int
c:\users\Public\System\HPMenu.int
c:\users\Public\System\HPSounds.u_00018ee4_00000368.wav
c:\users\Public\System\HPSounds.u_0033ef5b_00001000.wav
c:\users\Public\System\IpDrv.dll
c:\users\Public\System\IpDrv.int
c:\users\Public\System\IpServer.int
c:\users\Public\System\MeTaLDrv.int
c:\users\Public\System\Multimesh.int
c:\users\Public\System\Pickup.int
c:\users\Public\System\Pickup2.int
c:\users\Public\System\PolFont.exec
c:\users\Public\System\Render.dll
c:\users\Public\System\SAPFont.jap
c:\users\Public\System\SAPFont.kor
c:\users\Public\System\SAPFont.sim
c:\users\Public\System\SAPFont.tha
c:\users\Public\System\SAPFont.tra
c:\users\Public\System\Setup.int
c:\users\Public\System\SglDrv.int
c:\users\Public\System\SoftDrv.dll
c:\users\Public\System\SoftDrv.int
c:\users\Public\System\Startup.int
c:\users\Public\System\UBrowser.int
c:\users\Public\System\UMenu.int
c:\users\Public\System\UTMenu.int
c:\users\Public\System\UWeb.dll
c:\users\Public\System\Window.dll
c:\users\Public\System\Window.int
c:\users\Public\System\WinDrv.dll
c:\users\Public\System\WinDrv.int
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-07 do 2015-08-07 )))))))))))))))))))))))))))))))
.
.
2015-08-07 13:54 . 2015-08-07 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-07 12:41 . 2015-08-07 12:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\offreg.4836.dll
2015-08-07 12:36 . 2015-08-07 12:37 -------- d-----w- c:\program files (x86)\Skillbrains
2015-08-07 11:30 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\mpengine.dll
2015-08-07 10:30 . 2015-08-07 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-07 10:30 . 2015-08-07 13:54 -------- d-----w- c:\users\Domácí\AppData\Local\Temp
2015-08-07 10:21 . 2015-08-07 10:30 -------- d-----w- C:\zoek
2015-08-06 21:29 . 2015-08-07 09:28 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-06 21:29 . 2015-08-07 09:27 -------- d-----w- c:\programdata\RogueKiller
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 14:39 . 2015-08-07 09:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 14:38 . 2015-08-06 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-06 14:38 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-06 14:38 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 14:38 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-06 14:13 . 2015-08-06 17:34 -------- d-----w- C:\AdwCleaner
2015-08-05 14:31 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Common Files\LENOVO
2015-08-05 14:30 . 2015-08-05 14:30 -------- d-----w- c:\windows\Downloaded Installations
2015-08-05 14:30 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Lenovo
2015-08-05 14:29 . 2015-08-06 13:08 -------- d-----w- c:\users\Domácí\AppData\Roaming\BitTorrent
2015-08-05 14:07 . 2015-08-01 23:45 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-05 14:07 . 2005-02-14 16:03 164864 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\unzip.exe
2015-08-03 14:48 . 2015-08-03 14:48 -------- d-----w- c:\program files\Codemasters
2015-08-03 13:47 . 2015-08-03 13:56 -------- d-----w- c:\program files\Richard Burns Rally
2015-07-29 17:55 . 2015-07-29 17:55 -------- d-----w- c:\program files (x86)\TopCD
2015-07-28 19:26 . 2015-08-05 17:10 -------- d-----w- c:\users\Domácí\AppData\Roaming\TS3Client
2015-07-28 19:25 . 2015-07-28 19:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-07-28 12:30 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 12:30 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 12:30 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 12:30 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 12:30 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 12:30 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 12:30 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 12:30 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-27 18:29 . 2015-07-27 18:29 -------- d-----w- c:\program files (x86)\Illusion Softworks
2015-07-27 17:59 . 2015-07-27 17:59 -------- d-----w- c:\program files (x86)\City Interactive
2015-07-27 15:40 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-27 15:40 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-27 15:40 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-27 15:40 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-27 15:40 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-27 15:40 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-27 15:40 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-27 15:40 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-26 17:39 . 2015-07-26 17:39 -------- d-----w- c:\program files (x86)\Cenega Czech
2015-07-26 17:38 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-07-26 17:38 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-07-26 17:38 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-07-26 17:38 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-07-26 17:38 . 2015-07-26 17:38 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-07-26 17:38 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-07-26 17:38 . 2015-07-26 17:38 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-07-26 17:04 . 2015-07-26 17:04 -------- d-----w- c:\programdata\Malwarebytes
2015-07-26 13:42 . 2015-07-26 13:42 -------- d-----w- c:\program files\CCleaner
2015-07-19 19:16 . 2015-07-19 19:16 -------- d-----w- c:\program files (x86)\Ubisoft
2015-07-19 19:09 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2015-07-19 19:09 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2015-07-19 19:09 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2015-07-19 19:09 . 2005-04-03 20:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-07-19 19:09 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2015-07-19 19:09 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2015-07-19 19:09 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2015-07-19 19:09 . 2015-07-19 19:09 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2015-07-19 19:08 . 2015-07-19 19:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\.swt
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\Incomplete
2015-07-19 12:39 . 2015-07-19 12:39 -------- d-----w- c:\users\Domácí\AppData\Roaming\AVG
2015-07-19 12:38 . 2015-07-19 12:38 -------- d-----w- c:\users\Domácí\AppData\Local\Avg
2015-07-19 12:36 . 2015-07-19 12:36 -------- d--h--w- c:\programdata\Common Files
2015-07-19 12:36 . 2015-07-19 12:43 -------- d-----w- c:\programdata\AVG
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Local\Opera Software
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Roaming\Opera Software
2015-07-19 12:33 . 2015-08-06 14:09 -------- d-----w- c:\program files (x86)\Opera
2015-07-19 12:32 . 2015-07-19 12:43 -------- d-----w- c:\users\Domácí\AppData\Roaming\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:41 -------- d-----w- c:\program files (x86)\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:31 -------- d-----w- c:\users\Domácí\AppData\Roaming\Temp
2015-07-19 08:54 . 2015-07-19 08:54 -------- d-----w- c:\users\Domácí\AppData\Roaming\YoudaGames
2015-07-19 08:53 . 2015-08-01 17:24 -------- d-----w- C:\Games
2015-07-18 19:12 . 2015-07-18 19:19 -------- d-----w- c:\program files (x86)\LAV Filters
2015-07-17 13:51 . 2015-07-17 13:51 -------- d-----w- c:\users\Domácí\AppData\Roaming\HeroesAndGeneralsDesktop
2015-07-17 12:07 . 2015-07-17 12:07 -------- d-----w- c:\users\Domácí\AppData\Local\Steam
2015-07-17 12:02 . 2015-07-26 17:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-07-17 12:02 . 2015-08-07 10:59 -------- d-----w- c:\program files (x86)\Steam
2015-07-17 11:19 . 2015-07-17 11:20 -------- d-----w- C:\commandos
2015-07-17 11:00 . 2015-07-17 11:00 3928 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2015-07-17 10:58 . 2015-07-17 10:58 -------- d-----w- c:\users\Domácí\AppData\Local\Downloaded Installations
2015-07-15 17:28 . 2015-07-15 17:28 -------- d-----w- c:\programdata\Riot Games
2015-07-15 17:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-07-15 17:25 . 2015-07-15 17:25 -------- d-----w- C:\Riot Games
2015-07-15 17:18 . 2015-07-15 17:26 -------- d-----w- c:\users\Domácí\AppData\Roaming\Riot Games
2015-07-15 12:46 . 2015-07-15 12:46 -------- d-----w- c:\users\Domácí\AppData\Local\UWebKit151
2015-07-15 12:46 . 2015-07-15 16:25 -------- d-----w- c:\programdata\boost_interprocess
2015-07-15 10:01 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 10:01 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 10:01 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 10:01 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 10:01 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 10:01 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 10:01 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 10:01 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 09:58 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 09:58 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:58 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 09:57 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 09:57 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 09:57 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 02:43 5923840 ----a-w- c:\windows\system32\jscript9.dll
2015-07-15 09:57 . 2015-06-27 01:58 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 01:39 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-07-15 09:48 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-15 09:48 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 09:48 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-15 09:48 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-15 09:48 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-07-15 11:51 . 2015-05-31 19:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 11:51 . 2015-05-31 19:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2015-05-31 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 09:47 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 09:47 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 20:40 . 2015-06-23 20:40 1945832 ----a-w- c:\program files (x86)\wrar521cz.exe
2015-06-23 18:14 . 2015-06-23 18:16 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-23 11:30 . 2015-05-31 14:02 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-01 01:16 . 2015-06-01 01:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-01 01:16 . 2015-06-01 01:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-01 01:16 . 2015-06-01 01:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-01 01:16 . 2015-06-01 01:16 235520 ----a-w- c:\windows\system32\url.dll
2015-06-01 01:16 . 2015-06-01 01:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-01 01:16 . 2015-06-01 01:16 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-01 01:16 . 2015-06-01 01:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-01 01:16 . 2015-06-01 01:16 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-01 01:16 . 2015-06-01 01:16 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-01 01:00 . 2015-06-01 01:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-05-31 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-05-31 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-05-25 18:24 . 2015-06-17 15:21 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-17 15:21 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-17 15:21 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-17 15:21 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-17 15:21 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-17 15:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-17 15:21 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-17 15:21 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-17 15:21 503808 ----a-w- c:\windows\system32\srcore.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 pr2apc6b;Death to Spies Drivers Auto Removal (pr2apc6b);c:\windows\system32\pr2apc6b.exe svc;c:\windows\SYSNATIVE\pr2apc6b.exe svc [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pe3apc6b;Death to Spies Environment Driver (pe3apc6b);c:\windows\system32\drivers\pe3apc6b.sys;c:\windows\SYSNATIVE\drivers\pe3apc6b.sys [x]
S0 ps7apc6b;Death to Spies Synchronization Driver (ps7apc6b);c:\windows\system32\drivers\ps7apc6b.sys;c:\windows\SYSNATIVE\drivers\ps7apc6b.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 18:30 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31 11:51]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
2015-08-07 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-05-15 13877464]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.1.234 8.8.8.8
FF - ProfilePath - c:\users\Domácí\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Glary Memory Optimizer - c:\program files (x86)\Glary Utilities 5\memdefrag.exe
AddRemove-iWinArcade - c:\program files (x86)\iWin Games\Uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1 - c:\games\World_of_Tanks\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-07 15:59:33
ComboFix-quarantined-files.txt 2015-08-07 13:59
.
Před spuštěním: Volných bajtů: 191 209 336 832
Po spuštění: Volných bajtů: 190 663 069 696
.
- - End Of File - - 66F1BC5F6314088CD6CBC4AC40C3ED82
A36C5E4F47E84449FF07ED3517B43A31
After the procedure (I hope I did everything correctly) I don't see any problems so far.
If that is all, I will mark the topic as closed after you have checked the ComboFix log.
Thank you both for your help.
I will definitely contribute to the running of the forum. I'll then collect it from my son's pocket money

He should know that stupidity has its price

ComboFix 15-08-06.01 - Domácí 07.08.2015 15:44:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.979 [GMT 2:00]
Spuštěný z: c:\users\DomßcÝ\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Domácí\AppData\Roaming\Temp\161A9F8B42934981956F431674A5F72A\Opera_NI_stable.exe
c:\users\Domácí\AppData\Roaming\Temp\F4E7ADEC593448FE8F282CFAA880C189\PCTU-CS-1-day-2200632.exe
c:\users\Public\System
c:\users\Public\System\00000409.016
c:\users\Public\System\00000409.256
c:\users\Public\System\00000c0a.016
c:\users\Public\System\00000c0a.256
c:\users\Public\System\Core.dll
c:\users\Public\System\Core.int
c:\users\Public\System\D3DDrv.dll
c:\users\Public\System\D3DDrv.int
c:\users\Public\System\Default.ini
c:\users\Public\System\DefUser.ini
c:\users\Public\System\Dobby.int
c:\users\Public\System\Editor.dll
c:\users\Public\System\Editor.int
c:\users\Public\System\Engine.dll
c:\users\Public\System\Engine.int
c:\users\Public\System\Fire.dll
c:\users\Public\System\Galaxy.dll
c:\users\Public\System\Galaxy.int
c:\users\Public\System\HP.exe
c:\users\Public\System\hp.ico
c:\users\Public\System\HP.int
c:\users\Public\System\hpcredits.int
c:\users\Public\System\hpdialog.int
c:\users\Public\System\HPMenu.int
c:\users\Public\System\HPSounds.u_00018ee4_00000368.wav
c:\users\Public\System\HPSounds.u_0033ef5b_00001000.wav
c:\users\Public\System\IpDrv.dll
c:\users\Public\System\IpDrv.int
c:\users\Public\System\IpServer.int
c:\users\Public\System\MeTaLDrv.int
c:\users\Public\System\Multimesh.int
c:\users\Public\System\Pickup.int
c:\users\Public\System\Pickup2.int
c:\users\Public\System\PolFont.exec
c:\users\Public\System\Render.dll
c:\users\Public\System\SAPFont.jap
c:\users\Public\System\SAPFont.kor
c:\users\Public\System\SAPFont.sim
c:\users\Public\System\SAPFont.tha
c:\users\Public\System\SAPFont.tra
c:\users\Public\System\Setup.int
c:\users\Public\System\SglDrv.int
c:\users\Public\System\SoftDrv.dll
c:\users\Public\System\SoftDrv.int
c:\users\Public\System\Startup.int
c:\users\Public\System\UBrowser.int
c:\users\Public\System\UMenu.int
c:\users\Public\System\UTMenu.int
c:\users\Public\System\UWeb.dll
c:\users\Public\System\Window.dll
c:\users\Public\System\Window.int
c:\users\Public\System\WinDrv.dll
c:\users\Public\System\WinDrv.int
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-07 do 2015-08-07 )))))))))))))))))))))))))))))))
.
.
2015-08-07 13:54 . 2015-08-07 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-07 12:41 . 2015-08-07 12:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\offreg.4836.dll
2015-08-07 12:36 . 2015-08-07 12:37 -------- d-----w- c:\program files (x86)\Skillbrains
2015-08-07 11:30 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\mpengine.dll
2015-08-07 10:30 . 2015-08-07 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-07 10:30 . 2015-08-07 13:54 -------- d-----w- c:\users\Domácí\AppData\Local\Temp
2015-08-07 10:21 . 2015-08-07 10:30 -------- d-----w- C:\zoek
2015-08-06 21:29 . 2015-08-07 09:28 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-06 21:29 . 2015-08-07 09:27 -------- d-----w- c:\programdata\RogueKiller
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 14:39 . 2015-08-07 09:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 14:38 . 2015-08-06 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-06 14:38 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-06 14:38 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 14:38 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-06 14:13 . 2015-08-06 17:34 -------- d-----w- C:\AdwCleaner
2015-08-05 14:31 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Common Files\LENOVO
2015-08-05 14:30 . 2015-08-05 14:30 -------- d-----w- c:\windows\Downloaded Installations
2015-08-05 14:30 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Lenovo
2015-08-05 14:29 . 2015-08-06 13:08 -------- d-----w- c:\users\Domácí\AppData\Roaming\BitTorrent
2015-08-05 14:07 . 2015-08-01 23:45 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-05 14:07 . 2005-02-14 16:03 164864 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\unzip.exe
2015-08-03 14:48 . 2015-08-03 14:48 -------- d-----w- c:\program files\Codemasters
2015-08-03 13:47 . 2015-08-03 13:56 -------- d-----w- c:\program files\Richard Burns Rally
2015-07-29 17:55 . 2015-07-29 17:55 -------- d-----w- c:\program files (x86)\TopCD
2015-07-28 19:26 . 2015-08-05 17:10 -------- d-----w- c:\users\Domácí\AppData\Roaming\TS3Client
2015-07-28 19:25 . 2015-07-28 19:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-07-28 12:30 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 12:30 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 12:30 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 12:30 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 12:30 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 12:30 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 12:30 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 12:30 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-27 18:29 . 2015-07-27 18:29 -------- d-----w- c:\program files (x86)\Illusion Softworks
2015-07-27 17:59 . 2015-07-27 17:59 -------- d-----w- c:\program files (x86)\City Interactive
2015-07-27 15:40 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-27 15:40 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-27 15:40 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-27 15:40 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-27 15:40 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-27 15:40 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-27 15:40 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-27 15:40 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-26 17:39 . 2015-07-26 17:39 -------- d-----w- c:\program files (x86)\Cenega Czech
2015-07-26 17:38 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-07-26 17:38 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-07-26 17:38 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-07-26 17:38 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-07-26 17:38 . 2015-07-26 17:38 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-07-26 17:38 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-07-26 17:38 . 2015-07-26 17:38 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-07-26 17:04 . 2015-07-26 17:04 -------- d-----w- c:\programdata\Malwarebytes
2015-07-26 13:42 . 2015-07-26 13:42 -------- d-----w- c:\program files\CCleaner
2015-07-19 19:16 . 2015-07-19 19:16 -------- d-----w- c:\program files (x86)\Ubisoft
2015-07-19 19:09 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2015-07-19 19:09 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2015-07-19 19:09 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2015-07-19 19:09 . 2005-04-03 20:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-07-19 19:09 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2015-07-19 19:09 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2015-07-19 19:09 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2015-07-19 19:09 . 2015-07-19 19:09 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2015-07-19 19:08 . 2015-07-19 19:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\.swt
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\Incomplete
2015-07-19 12:39 . 2015-07-19 12:39 -------- d-----w- c:\users\Domácí\AppData\Roaming\AVG
2015-07-19 12:38 . 2015-07-19 12:38 -------- d-----w- c:\users\Domácí\AppData\Local\Avg
2015-07-19 12:36 . 2015-07-19 12:36 -------- d--h--w- c:\programdata\Common Files
2015-07-19 12:36 . 2015-07-19 12:43 -------- d-----w- c:\programdata\AVG
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Local\Opera Software
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Roaming\Opera Software
2015-07-19 12:33 . 2015-08-06 14:09 -------- d-----w- c:\program files (x86)\Opera
2015-07-19 12:32 . 2015-07-19 12:43 -------- d-----w- c:\users\Domácí\AppData\Roaming\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:41 -------- d-----w- c:\program files (x86)\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:31 -------- d-----w- c:\users\Domácí\AppData\Roaming\Temp
2015-07-19 08:54 . 2015-07-19 08:54 -------- d-----w- c:\users\Domácí\AppData\Roaming\YoudaGames
2015-07-19 08:53 . 2015-08-01 17:24 -------- d-----w- C:\Games
2015-07-18 19:12 . 2015-07-18 19:19 -------- d-----w- c:\program files (x86)\LAV Filters
2015-07-17 13:51 . 2015-07-17 13:51 -------- d-----w- c:\users\Domácí\AppData\Roaming\HeroesAndGeneralsDesktop
2015-07-17 12:07 . 2015-07-17 12:07 -------- d-----w- c:\users\Domácí\AppData\Local\Steam
2015-07-17 12:02 . 2015-07-26 17:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-07-17 12:02 . 2015-08-07 10:59 -------- d-----w- c:\program files (x86)\Steam
2015-07-17 11:19 . 2015-07-17 11:20 -------- d-----w- C:\commandos
2015-07-17 11:00 . 2015-07-17 11:00 3928 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2015-07-17 10:58 . 2015-07-17 10:58 -------- d-----w- c:\users\Domácí\AppData\Local\Downloaded Installations
2015-07-15 17:28 . 2015-07-15 17:28 -------- d-----w- c:\programdata\Riot Games
2015-07-15 17:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-07-15 17:25 . 2015-07-15 17:25 -------- d-----w- C:\Riot Games
2015-07-15 17:18 . 2015-07-15 17:26 -------- d-----w- c:\users\Domácí\AppData\Roaming\Riot Games
2015-07-15 12:46 . 2015-07-15 12:46 -------- d-----w- c:\users\Domácí\AppData\Local\UWebKit151
2015-07-15 12:46 . 2015-07-15 16:25 -------- d-----w- c:\programdata\boost_interprocess
2015-07-15 10:01 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 10:01 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 10:01 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 10:01 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 10:01 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 10:01 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 10:01 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 10:01 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 09:58 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 09:58 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:58 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 09:57 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 09:57 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 09:57 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 02:43 5923840 ----a-w- c:\windows\system32\jscript9.dll
2015-07-15 09:57 . 2015-06-27 01:58 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 01:39 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-07-15 09:48 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-15 09:48 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 09:48 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-15 09:48 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-15 09:48 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-07-15 11:51 . 2015-05-31 19:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 11:51 . 2015-05-31 19:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2015-05-31 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 09:47 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 09:47 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 20:40 . 2015-06-23 20:40 1945832 ----a-w- c:\program files (x86)\wrar521cz.exe
2015-06-23 18:14 . 2015-06-23 18:16 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-23 11:30 . 2015-05-31 14:02 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-01 01:16 . 2015-06-01 01:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-01 01:16 . 2015-06-01 01:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-01 01:16 . 2015-06-01 01:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-01 01:16 . 2015-06-01 01:16 235520 ----a-w- c:\windows\system32\url.dll
2015-06-01 01:16 . 2015-06-01 01:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-01 01:16 . 2015-06-01 01:16 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-01 01:16 . 2015-06-01 01:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-01 01:16 . 2015-06-01 01:16 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-01 01:16 . 2015-06-01 01:16 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-01 01:00 . 2015-06-01 01:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-05-31 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-05-31 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-05-25 18:24 . 2015-06-17 15:21 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-17 15:21 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-17 15:21 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-17 15:21 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-17 15:21 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-17 15:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-17 15:21 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-17 15:21 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-17 15:21 503808 ----a-w- c:\windows\system32\srcore.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 pr2apc6b;Death to Spies Drivers Auto Removal (pr2apc6b);c:\windows\system32\pr2apc6b.exe svc;c:\windows\SYSNATIVE\pr2apc6b.exe svc [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pe3apc6b;Death to Spies Environment Driver (pe3apc6b);c:\windows\system32\drivers\pe3apc6b.sys;c:\windows\SYSNATIVE\drivers\pe3apc6b.sys [x]
S0 ps7apc6b;Death to Spies Synchronization Driver (ps7apc6b);c:\windows\system32\drivers\ps7apc6b.sys;c:\windows\SYSNATIVE\drivers\ps7apc6b.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 18:30 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31 11:51]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
2015-08-07 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-05-15 13877464]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.1.234 8.8.8.8
FF - ProfilePath - c:\users\Domácí\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Glary Memory Optimizer - c:\program files (x86)\Glary Utilities 5\memdefrag.exe
AddRemove-iWinArcade - c:\program files (x86)\iWin Games\Uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1 - c:\games\World_of_Tanks\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-07 15:59:33
ComboFix-quarantined-files.txt 2015-08-07 13:59
.
Před spuštěním: Volných bajtů: 191 209 336 832
Po spuštění: Volných bajtů: 190 663 069 696
.
- - End Of File - - 66F1BC5F6314088CD6CBC4AC40C3ED82
A36C5E4F47E84449FF07ED3517B43A31
Last edited by nancy on 07 Aug 2015 16:59, edited 2 times in total.
Re: Log check - a cmd.exe system window keeps popping up on the desktop
ComboFix 15-08-06.01 - Domácí 07.08.2015 15:44:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.979 [GMT 2:00]
Spuštěný z: c:\users\DomßcÝ\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Domácí\AppData\Roaming\Temp\161A9F8B42934981956F431674A5F72A\Opera_NI_stable.exe
c:\users\Domácí\AppData\Roaming\Temp\F4E7ADEC593448FE8F282CFAA880C189\PCTU-CS-1-day-2200632.exe
c:\users\Public\System
c:\users\Public\System\00000409.016
c:\users\Public\System\00000409.256
c:\users\Public\System\00000c0a.016
c:\users\Public\System\00000c0a.256
c:\users\Public\System\Core.dll
c:\users\Public\System\Core.int
c:\users\Public\System\D3DDrv.dll
c:\users\Public\System\D3DDrv.int
c:\users\Public\System\Default.ini
c:\users\Public\System\DefUser.ini
c:\users\Public\System\Dobby.int
c:\users\Public\System\Editor.dll
c:\users\Public\System\Editor.int
c:\users\Public\System\Engine.dll
c:\users\Public\System\Engine.int
c:\users\Public\System\Fire.dll
c:\users\Public\System\Galaxy.dll
c:\users\Public\System\Galaxy.int
c:\users\Public\System\HP.exe
c:\users\Public\System\hp.ico
c:\users\Public\System\HP.int
c:\users\Public\System\hpcredits.int
c:\users\Public\System\hpdialog.int
c:\users\Public\System\HPMenu.int
c:\users\Public\System\HPSounds.u_00018ee4_00000368.wav
c:\users\Public\System\HPSounds.u_0033ef5b_00001000.wav
c:\users\Public\System\IpDrv.dll
c:\users\Public\System\IpDrv.int
c:\users\Public\System\IpServer.int
c:\users\Public\System\MeTaLDrv.int
c:\users\Public\System\Multimesh.int
c:\users\Public\System\Pickup.int
c:\users\Public\System\Pickup2.int
c:\users\Public\System\PolFont.exec
c:\users\Public\System\Render.dll
c:\users\Public\System\SAPFont.jap
c:\users\Public\System\SAPFont.kor
c:\users\Public\System\SAPFont.sim
c:\users\Public\System\SAPFont.tha
c:\users\Public\System\SAPFont.tra
c:\users\Public\System\Setup.int
c:\users\Public\System\SglDrv.int
c:\users\Public\System\SoftDrv.dll
c:\users\Public\System\SoftDrv.int
c:\users\Public\System\Startup.int
c:\users\Public\System\UBrowser.int
c:\users\Public\System\UMenu.int
c:\users\Public\System\UTMenu.int
c:\users\Public\System\UWeb.dll
c:\users\Public\System\Window.dll
c:\users\Public\System\Window.int
c:\users\Public\System\WinDrv.dll
c:\users\Public\System\WinDrv.int
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-07 do 2015-08-07 )))))))))))))))))))))))))))))))
.
.
2015-08-07 13:54 . 2015-08-07 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-07 12:41 . 2015-08-07 12:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\offreg.4836.dll
2015-08-07 12:36 . 2015-08-07 12:37 -------- d-----w- c:\program files (x86)\Skillbrains
2015-08-07 11:30 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\mpengine.dll
2015-08-07 10:30 . 2015-08-07 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-07 10:30 . 2015-08-07 13:54 -------- d-----w- c:\users\Domácí\AppData\Local\Temp
2015-08-07 10:21 . 2015-08-07 10:30 -------- d-----w- C:\zoek
2015-08-06 21:29 . 2015-08-07 09:28 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-06 21:29 . 2015-08-07 09:27 -------- d-----w- c:\programdata\RogueKiller
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 14:39 . 2015-08-07 09:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 14:38 . 2015-08-06 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-06 14:38 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-06 14:38 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 14:38 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-06 14:13 . 2015-08-06 17:34 -------- d-----w- C:\AdwCleaner
2015-08-05 14:31 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Common Files\LENOVO
2015-08-05 14:30 . 2015-08-05 14:30 -------- d-----w- c:\windows\Downloaded Installations
2015-08-05 14:30 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Lenovo
2015-08-05 14:29 . 2015-08-06 13:08 -------- d-----w- c:\users\Domácí\AppData\Roaming\BitTorrent
2015-08-05 14:07 . 2015-08-01 23:45 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-05 14:07 . 2005-02-14 16:03 164864 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\unzip.exe
2015-08-03 14:48 . 2015-08-03 14:48 -------- d-----w- c:\program files\Codemasters
2015-08-03 13:47 . 2015-08-03 13:56 -------- d-----w- c:\program files\Richard Burns Rally
2015-07-29 17:55 . 2015-07-29 17:55 -------- d-----w- c:\program files (x86)\TopCD
2015-07-28 19:26 . 2015-08-05 17:10 -------- d-----w- c:\users\Domácí\AppData\Roaming\TS3Client
2015-07-28 19:25 . 2015-07-28 19:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-07-28 12:30 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 12:30 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 12:30 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 12:30 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 12:30 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 12:30 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 12:30 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 12:30 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-27 18:29 . 2015-07-27 18:29 -------- d-----w- c:\program files (x86)\Illusion Softworks
2015-07-27 17:59 . 2015-07-27 17:59 -------- d-----w- c:\program files (x86)\City Interactive
2015-07-27 15:40 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-27 15:40 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-27 15:40 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-27 15:40 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-27 15:40 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-27 15:40 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-27 15:40 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-27 15:40 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-26 17:39 . 2015-07-26 17:39 -------- d-----w- c:\program files (x86)\Cenega Czech
2015-07-26 17:38 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-07-26 17:38 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-07-26 17:38 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-07-26 17:38 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-07-26 17:38 . 2015-07-26 17:38 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-07-26 17:38 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-07-26 17:38 . 2015-07-26 17:38 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-07-26 17:04 . 2015-07-26 17:04 -------- d-----w- c:\programdata\Malwarebytes
2015-07-26 13:42 . 2015-07-26 13:42 -------- d-----w- c:\program files\CCleaner
2015-07-19 19:16 . 2015-07-19 19:16 -------- d-----w- c:\program files (x86)\Ubisoft
2015-07-19 19:09 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2015-07-19 19:09 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2015-07-19 19:09 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2015-07-19 19:09 . 2005-04-03 20:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-07-19 19:09 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2015-07-19 19:09 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2015-07-19 19:09 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2015-07-19 19:09 . 2015-07-19 19:09 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2015-07-19 19:08 . 2015-07-19 19:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\.swt
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\Incomplete
2015-07-19 12:39 . 2015-07-19 12:39 -------- d-----w- c:\users\Domácí\AppData\Roaming\AVG
2015-07-19 12:38 . 2015-07-19 12:38 -------- d-----w- c:\users\Domácí\AppData\Local\Avg
2015-07-19 12:36 . 2015-07-19 12:36 -------- d--h--w- c:\programdata\Common Files
2015-07-19 12:36 . 2015-07-19 12:43 -------- d-----w- c:\programdata\AVG
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Local\Opera Software
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Roaming\Opera Software
2015-07-19 12:33 . 2015-08-06 14:09 -------- d-----w- c:\program files (x86)\Opera
2015-07-19 12:32 . 2015-07-19 12:43 -------- d-----w- c:\users\Domácí\AppData\Roaming\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:41 -------- d-----w- c:\program files (x86)\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:31 -------- d-----w- c:\users\Domácí\AppData\Roaming\Temp
2015-07-19 08:54 . 2015-07-19 08:54 -------- d-----w- c:\users\Domácí\AppData\Roaming\YoudaGames
2015-07-19 08:53 . 2015-08-01 17:24 -------- d-----w- C:\Games
2015-07-18 19:12 . 2015-07-18 19:19 -------- d-----w- c:\program files (x86)\LAV Filters
2015-07-17 13:51 . 2015-07-17 13:51 -------- d-----w- c:\users\Domácí\AppData\Roaming\HeroesAndGeneralsDesktop
2015-07-17 12:07 . 2015-07-17 12:07 -------- d-----w- c:\users\Domácí\AppData\Local\Steam
2015-07-17 12:02 . 2015-07-26 17:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-07-17 12:02 . 2015-08-07 10:59 -------- d-----w- c:\program files (x86)\Steam
2015-07-17 11:19 . 2015-07-17 11:20 -------- d-----w- C:\commandos
2015-07-17 11:00 . 2015-07-17 11:00 3928 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2015-07-17 10:58 . 2015-07-17 10:58 -------- d-----w- c:\users\Domácí\AppData\Local\Downloaded Installations
2015-07-15 17:28 . 2015-07-15 17:28 -------- d-----w- c:\programdata\Riot Games
2015-07-15 17:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-07-15 17:25 . 2015-07-15 17:25 -------- d-----w- C:\Riot Games
2015-07-15 17:18 . 2015-07-15 17:26 -------- d-----w- c:\users\Domácí\AppData\Roaming\Riot Games
2015-07-15 12:46 . 2015-07-15 12:46 -------- d-----w- c:\users\Domácí\AppData\Local\UWebKit151
2015-07-15 12:46 . 2015-07-15 16:25 -------- d-----w- c:\programdata\boost_interprocess
2015-07-15 10:01 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 10:01 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 10:01 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 10:01 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 10:01 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 10:01 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 10:01 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 10:01 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 09:58 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 09:58 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:58 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 09:57 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 09:57 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 09:57 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 02:43 5923840 ----a-w- c:\windows\system32\jscript9.dll
2015-07-15 09:57 . 2015-06-27 01:58 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 01:39 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-07-15 09:48 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-15 09:48 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 09:48 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-15 09:48 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-15 09:48 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-07-15 11:51 . 2015-05-31 19:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 11:51 . 2015-05-31 19:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2015-05-31 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 09:47 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 09:47 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 20:40 . 2015-06-23 20:40 1945832 ----a-w- c:\program files (x86)\wrar521cz.exe
2015-06-23 18:14 . 2015-06-23 18:16 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-23 11:30 . 2015-05-31 14:02 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-01 01:16 . 2015-06-01 01:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-01 01:16 . 2015-06-01 01:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-01 01:16 . 2015-06-01 01:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-01 01:16 . 2015-06-01 01:16 235520 ----a-w- c:\windows\system32\url.dll
2015-06-01 01:16 . 2015-06-01 01:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-01 01:16 . 2015-06-01 01:16 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-01 01:16 . 2015-06-01 01:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-01 01:16 . 2015-06-01 01:16 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-01 01:16 . 2015-06-01 01:16 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-01 01:00 . 2015-06-01 01:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-05-31 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-05-31 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-05-25 18:24 . 2015-06-17 15:21 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-17 15:21 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-17 15:21 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-17 15:21 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-17 15:21 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-17 15:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-17 15:21 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-17 15:21 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-17 15:21 503808 ----a-w- c:\windows\system32\srcore.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 pr2apc6b;Death to Spies Drivers Auto Removal (pr2apc6b);c:\windows\system32\pr2apc6b.exe svc;c:\windows\SYSNATIVE\pr2apc6b.exe svc [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pe3apc6b;Death to Spies Environment Driver (pe3apc6b);c:\windows\system32\drivers\pe3apc6b.sys;c:\windows\SYSNATIVE\drivers\pe3apc6b.sys [x]
S0 ps7apc6b;Death to Spies Synchronization Driver (ps7apc6b);c:\windows\system32\drivers\ps7apc6b.sys;c:\windows\SYSNATIVE\drivers\ps7apc6b.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 18:30 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31 11:51]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
2015-08-07 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-05-15 13877464]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.1.234 8.8.8.8
FF - ProfilePath - c:\users\Domácí\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Glary Memory Optimizer - c:\program files (x86)\Glary Utilities 5\memdefrag.exe
AddRemove-iWinArcade - c:\program files (x86)\iWin Games\Uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1 - c:\games\World_of_Tanks\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-07 15:59:33
ComboFix-quarantined-files.txt 2015-08-07 13:59
.
Před spuštěním: Volných bajtů: 191 209 336 832
Po spuštění: Volných bajtů: 190 663 069 696
.
- - End Of File - - 66F1BC5F6314088CD6CBC4AC40C3ED82
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.979 [GMT 2:00]
Spuštěný z: c:\users\Domácí\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Domácí\AppData\Roaming\Temp\161A9F8B42934981956F431674A5F72A\Opera_NI_stable.exe
c:\users\Domácí\AppData\Roaming\Temp\F4E7ADEC593448FE8F282CFAA880C189\PCTU-CS-1-day-2200632.exe
c:\users\Public\System
c:\users\Public\System\00000409.016
c:\users\Public\System\00000409.256
c:\users\Public\System\00000c0a.016
c:\users\Public\System\00000c0a.256
c:\users\Public\System\Core.dll
c:\users\Public\System\Core.int
c:\users\Public\System\D3DDrv.dll
c:\users\Public\System\D3DDrv.int
c:\users\Public\System\Default.ini
c:\users\Public\System\DefUser.ini
c:\users\Public\System\Dobby.int
c:\users\Public\System\Editor.dll
c:\users\Public\System\Editor.int
c:\users\Public\System\Engine.dll
c:\users\Public\System\Engine.int
c:\users\Public\System\Fire.dll
c:\users\Public\System\Galaxy.dll
c:\users\Public\System\Galaxy.int
c:\users\Public\System\HP.exe
c:\users\Public\System\hp.ico
c:\users\Public\System\HP.int
c:\users\Public\System\hpcredits.int
c:\users\Public\System\hpdialog.int
c:\users\Public\System\HPMenu.int
c:\users\Public\System\HPSounds.u_00018ee4_00000368.wav
c:\users\Public\System\HPSounds.u_0033ef5b_00001000.wav
c:\users\Public\System\IpDrv.dll
c:\users\Public\System\IpDrv.int
c:\users\Public\System\IpServer.int
c:\users\Public\System\MeTaLDrv.int
c:\users\Public\System\Multimesh.int
c:\users\Public\System\Pickup.int
c:\users\Public\System\Pickup2.int
c:\users\Public\System\PolFont.exec
c:\users\Public\System\Render.dll
c:\users\Public\System\SAPFont.jap
c:\users\Public\System\SAPFont.kor
c:\users\Public\System\SAPFont.sim
c:\users\Public\System\SAPFont.tha
c:\users\Public\System\SAPFont.tra
c:\users\Public\System\Setup.int
c:\users\Public\System\SglDrv.int
c:\users\Public\System\SoftDrv.dll
c:\users\Public\System\SoftDrv.int
c:\users\Public\System\Startup.int
c:\users\Public\System\UBrowser.int
c:\users\Public\System\UMenu.int
c:\users\Public\System\UTMenu.int
c:\users\Public\System\UWeb.dll
c:\users\Public\System\Window.dll
c:\users\Public\System\Window.int
c:\users\Public\System\WinDrv.dll
c:\users\Public\System\WinDrv.int
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-07 do 2015-08-07 )))))))))))))))))))))))))))))))
.
.
2015-08-07 13:54 . 2015-08-07 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-07 12:41 . 2015-08-07 12:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\offreg.4836.dll
2015-08-07 12:36 . 2015-08-07 12:37 -------- d-----w- c:\program files (x86)\Skillbrains
2015-08-07 11:30 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\mpengine.dll
2015-08-07 10:30 . 2015-08-07 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-07 10:30 . 2015-08-07 13:54 -------- d-----w- c:\users\Domácí\AppData\Local\Temp
2015-08-07 10:21 . 2015-08-07 10:30 -------- d-----w- C:\zoek
2015-08-06 21:29 . 2015-08-07 09:28 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-06 21:29 . 2015-08-07 09:27 -------- d-----w- c:\programdata\RogueKiller
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 14:39 . 2015-08-07 09:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 14:38 . 2015-08-06 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-06 14:38 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-06 14:38 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 14:38 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-06 14:13 . 2015-08-06 17:34 -------- d-----w- C:\AdwCleaner
2015-08-05 14:31 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Common Files\LENOVO
2015-08-05 14:30 . 2015-08-05 14:30 -------- d-----w- c:\windows\Downloaded Installations
2015-08-05 14:30 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Lenovo
2015-08-05 14:29 . 2015-08-06 13:08 -------- d-----w- c:\users\Domácí\AppData\Roaming\BitTorrent
2015-08-05 14:07 . 2015-08-01 23:45 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-05 14:07 . 2005-02-14 16:03 164864 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\unzip.exe
2015-08-03 14:48 . 2015-08-03 14:48 -------- d-----w- c:\program files\Codemasters
2015-08-03 13:47 . 2015-08-03 13:56 -------- d-----w- c:\program files\Richard Burns Rally
2015-07-29 17:55 . 2015-07-29 17:55 -------- d-----w- c:\program files (x86)\TopCD
2015-07-28 19:26 . 2015-08-05 17:10 -------- d-----w- c:\users\Domácí\AppData\Roaming\TS3Client
2015-07-28 19:25 . 2015-07-28 19:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-07-28 12:30 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 12:30 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 12:30 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 12:30 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 12:30 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 12:30 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 12:30 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 12:30 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-27 18:29 . 2015-07-27 18:29 -------- d-----w- c:\program files (x86)\Illusion Softworks
2015-07-27 17:59 . 2015-07-27 17:59 -------- d-----w- c:\program files (x86)\City Interactive
2015-07-27 15:40 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-27 15:40 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-27 15:40 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-27 15:40 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-27 15:40 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-27 15:40 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-27 15:40 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-27 15:40 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-26 17:39 . 2015-07-26 17:39 -------- d-----w- c:\program files (x86)\Cenega Czech
2015-07-26 17:38 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-07-26 17:38 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-07-26 17:38 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-07-26 17:38 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-07-26 17:38 . 2015-07-26 17:38 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-07-26 17:38 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-07-26 17:38 . 2015-07-26 17:38 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-07-26 17:04 . 2015-07-26 17:04 -------- d-----w- c:\programdata\Malwarebytes
2015-07-26 13:42 . 2015-07-26 13:42 -------- d-----w- c:\program files\CCleaner
2015-07-19 19:16 . 2015-07-19 19:16 -------- d-----w- c:\program files (x86)\Ubisoft
2015-07-19 19:09 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2015-07-19 19:09 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2015-07-19 19:09 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2015-07-19 19:09 . 2005-04-03 20:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-07-19 19:09 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2015-07-19 19:09 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2015-07-19 19:09 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2015-07-19 19:09 . 2015-07-19 19:09 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2015-07-19 19:08 . 2015-07-19 19:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\.swt
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\Incomplete
2015-07-19 12:39 . 2015-07-19 12:39 -------- d-----w- c:\users\Domácí\AppData\Roaming\AVG
2015-07-19 12:38 . 2015-07-19 12:38 -------- d-----w- c:\users\Domácí\AppData\Local\Avg
2015-07-19 12:36 . 2015-07-19 12:36 -------- d--h--w- c:\programdata\Common Files
2015-07-19 12:36 . 2015-07-19 12:43 -------- d-----w- c:\programdata\AVG
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Local\Opera Software
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Roaming\Opera Software
2015-07-19 12:33 . 2015-08-06 14:09 -------- d-----w- c:\program files (x86)\Opera
2015-07-19 12:32 . 2015-07-19 12:43 -------- d-----w- c:\users\Domácí\AppData\Roaming\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:41 -------- d-----w- c:\program files (x86)\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:31 -------- d-----w- c:\users\Domácí\AppData\Roaming\Temp
2015-07-19 08:54 . 2015-07-19 08:54 -------- d-----w- c:\users\Domácí\AppData\Roaming\YoudaGames
2015-07-19 08:53 . 2015-08-01 17:24 -------- d-----w- C:\Games
2015-07-18 19:12 . 2015-07-18 19:19 -------- d-----w- c:\program files (x86)\LAV Filters
2015-07-17 13:51 . 2015-07-17 13:51 -------- d-----w- c:\users\Domácí\AppData\Roaming\HeroesAndGeneralsDesktop
2015-07-17 12:07 . 2015-07-17 12:07 -------- d-----w- c:\users\Domácí\AppData\Local\Steam
2015-07-17 12:02 . 2015-07-26 17:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-07-17 12:02 . 2015-08-07 10:59 -------- d-----w- c:\program files (x86)\Steam
2015-07-17 11:19 . 2015-07-17 11:20 -------- d-----w- C:\commandos
2015-07-17 11:00 . 2015-07-17 11:00 3928 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2015-07-17 10:58 . 2015-07-17 10:58 -------- d-----w- c:\users\Domácí\AppData\Local\Downloaded Installations
2015-07-15 17:28 . 2015-07-15 17:28 -------- d-----w- c:\programdata\Riot Games
2015-07-15 17:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-07-15 17:25 . 2015-07-15 17:25 -------- d-----w- C:\Riot Games
2015-07-15 17:18 . 2015-07-15 17:26 -------- d-----w- c:\users\Domácí\AppData\Roaming\Riot Games
2015-07-15 12:46 . 2015-07-15 12:46 -------- d-----w- c:\users\Domácí\AppData\Local\UWebKit151
2015-07-15 12:46 . 2015-07-15 16:25 -------- d-----w- c:\programdata\boost_interprocess
2015-07-15 10:01 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 10:01 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 10:01 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 10:01 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 10:01 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 10:01 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 10:01 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 10:01 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 09:58 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 09:58 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:58 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 09:57 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 09:57 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 09:57 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 02:43 5923840 ----a-w- c:\windows\system32\jscript9.dll
2015-07-15 09:57 . 2015-06-27 01:58 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 01:39 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-07-15 09:48 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-15 09:48 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 09:48 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-15 09:48 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-15 09:48 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-07-15 11:51 . 2015-05-31 19:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 11:51 . 2015-05-31 19:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2015-05-31 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 09:47 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 09:47 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 20:40 . 2015-06-23 20:40 1945832 ----a-w- c:\program files (x86)\wrar521cz.exe
2015-06-23 18:14 . 2015-06-23 18:16 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-23 11:30 . 2015-05-31 14:02 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-01 01:16 . 2015-06-01 01:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-01 01:16 . 2015-06-01 01:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-01 01:16 . 2015-06-01 01:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-01 01:16 . 2015-06-01 01:16 235520 ----a-w- c:\windows\system32\url.dll
2015-06-01 01:16 . 2015-06-01 01:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-01 01:16 . 2015-06-01 01:16 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-01 01:16 . 2015-06-01 01:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-01 01:16 . 2015-06-01 01:16 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-01 01:16 . 2015-06-01 01:16 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-01 01:00 . 2015-06-01 01:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-05-31 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-05-31 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-05-25 18:24 . 2015-06-17 15:21 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-17 15:21 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-17 15:21 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-17 15:21 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-17 15:21 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-17 15:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-17 15:21 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-17 15:21 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-17 15:21 503808 ----a-w- c:\windows\system32\srcore.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 pr2apc6b;Death to Spies Drivers Auto Removal (pr2apc6b);c:\windows\system32\pr2apc6b.exe svc;c:\windows\SYSNATIVE\pr2apc6b.exe svc [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pe3apc6b;Death to Spies Environment Driver (pe3apc6b);c:\windows\system32\drivers\pe3apc6b.sys;c:\windows\SYSNATIVE\drivers\pe3apc6b.sys [x]
S0 ps7apc6b;Death to Spies Synchronization Driver (ps7apc6b);c:\windows\system32\drivers\ps7apc6b.sys;c:\windows\SYSNATIVE\drivers\ps7apc6b.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 18:30 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31 11:51]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23 21:16]
.
2015-08-07 c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
2015-08-07 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-05-15 13877464]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.1.234 8.8.8.8
FF - ProfilePath - c:\users\Domácí\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Glary Memory Optimizer - c:\program files (x86)\Glary Utilities 5\memdefrag.exe
AddRemove-iWinArcade - c:\program files (x86)\iWin Games\Uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1 - c:\games\World_of_Tanks\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-07 15:59:33
ComboFix-quarantined-files.txt 2015-08-07 13:59
.
Před spuštěním: Volných bajtů: 191 209 336 832
Po spuštění: Volných bajtů: 190 663 069 696
.
- - End Of File - - 66F1BC5F6314088CD6CBC4AC40C3ED82
A36C5E4F47E84449FF07ED3517B43A31
Last edited by nancy on 08 Aug 2015 00:17, edited 2 times in total.
- jaro3
- member of the Security team
Re: Log check - the cmd.exe system window keeps popping up on the desktop

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
ClearJavaCache::
KillAll::
File::
c:\users\Domácí\AppData\Roaming\appdataFr25.bin
c:\users\Domácí\AppData\Roaming\appdataFr25.bin
c:\users\Domácí\AppData\Roaming\appdataFr25.bin
c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
c:\program files (x86)\Skillbrains\Updater\Updater.exe
c:\windows\Tasks\update-sys.job
Folder::
c:\users\Domácí\AppData\Roaming\AVG
c:\users\Domácí\AppData\Local\Avg
c:\programdata\AVG
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
In Folder Options, enable showing hidden files and folders + untick the checkbox for hiding protected operating system files.
Test this on Virustotal
c:\windows\SYSNATIVE\pr2apc6b.exe svc
Click Browse to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus test finishes, the result will appear at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Or at:
http://www.virscan.org/
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Log check - the cmd.exe system window keeps popping up on the desktop
ComboFix 15-08-06.01 - Domácí 07.08.2015 18:31:59.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.965 [GMT 2:00]
Spuštěný z: c:\users\Domácí\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Domácí\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Skillbrains\Updater\Updater.exe"
"c:\users\Domácí\AppData\Roaming\appdataFr25.bin"
"c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job"
"c:\windows\Tasks\update-sys.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.28.1\goopdate.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.130\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{2AE4C99F-0971-4018-AC81-2BF428E678EE}\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{3B06BBE1-5620-429B-898B-5B8DA091342E}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{3D802C52-5CC9-4A77-B51B-F70D9870518B}\44.0.2403.107_43.0.2357.134_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{AE1EBE39-812A-4E56-8775-28D6479D5089}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{C14D0771-FD82-4A35-A5F1-AEAABE7D92C1}\43.0.2357.130_chrome_installer.exe
c:\program files (x86)\Google\Update\Install\{CC4FB0B4-5056-4DE2-9833-D9CF116D5161}\43.0.2357.132_43.0.2357.130_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{DF40ED6C-357D-43AC-8A6A-2590165D0549}\43.0.2357.134_43.0.2357.132_chrome_updater.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\AVG
c:\programdata\AVG\AWL\AvgRep.xml
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\programdata\AVG\AWL005FA12460321E3194E5A0611BB3B86F.xml
c:\programdata\AVG\AWL2015\TTUSvc.tt
c:\programdata\AVG\AWL2015\TUProgRating.10.tudb
c:\programdata\AVG\AWL2015\TUReportData.10.tudb
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-07 do 2015-08-07 )))))))))))))))))))))))))))))))
.
.
2015-08-07 16:40 . 2015-08-07 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-07 15:45 . 2015-08-07 15:45 -------- d-----w- c:\users\Domácí\AppData\Local\CrashDumps
2015-08-07 14:06 . 2015-08-07 14:07 -------- d-----r- C:\Logy_malwarebytes_nada
2015-08-07 12:41 . 2015-08-07 12:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\offreg.4836.dll
2015-08-07 12:36 . 2015-08-07 12:37 -------- d-----w- c:\program files (x86)\Skillbrains
2015-08-07 11:30 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\mpengine.dll
2015-08-07 10:30 . 2015-08-07 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-07 10:30 . 2015-08-07 16:43 -------- d-----w- c:\users\Domácí\AppData\Local\Temp
2015-08-07 10:21 . 2015-08-07 10:30 -------- d-----w- C:\zoek
2015-08-06 21:29 . 2015-08-07 09:28 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-06 21:29 . 2015-08-07 09:27 -------- d-----w- c:\programdata\RogueKiller
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 14:39 . 2015-08-07 09:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 14:38 . 2015-08-06 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-06 14:38 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-06 14:38 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 14:38 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-06 14:13 . 2015-08-06 17:34 -------- d-----w- C:\AdwCleaner
2015-08-05 14:31 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Common Files\LENOVO
2015-08-05 14:30 . 2015-08-05 14:30 -------- d-----w- c:\windows\Downloaded Installations
2015-08-05 14:30 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Lenovo
2015-08-05 14:29 . 2015-08-06 13:08 -------- d-----w- c:\users\Domácí\AppData\Roaming\BitTorrent
2015-08-05 14:07 . 2015-08-01 23:45 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-05 14:07 . 2005-02-14 16:03 164864 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\unzip.exe
2015-08-03 14:48 . 2015-08-03 14:48 -------- d-----w- c:\program files\Codemasters
2015-08-03 13:47 . 2015-08-03 13:56 -------- d-----w- c:\program files\Richard Burns Rally
2015-07-29 17:55 . 2015-07-29 17:55 -------- d-----w- c:\program files (x86)\TopCD
2015-07-28 19:26 . 2015-08-05 17:10 -------- d-----w- c:\users\Domácí\AppData\Roaming\TS3Client
2015-07-28 19:25 . 2015-07-28 19:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-07-28 12:30 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 12:30 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 12:30 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 12:30 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 12:30 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 12:30 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 12:30 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 12:30 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-27 18:29 . 2015-07-27 18:29 -------- d-----w- c:\program files (x86)\Illusion Softworks
2015-07-27 17:59 . 2015-07-27 17:59 -------- d-----w- c:\program files (x86)\City Interactive
2015-07-27 15:40 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-27 15:40 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-27 15:40 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-27 15:40 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-27 15:40 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-27 15:40 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-27 15:40 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-27 15:40 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-26 17:39 . 2015-07-26 17:39 -------- d-----w- c:\program files (x86)\Cenega Czech
2015-07-26 17:38 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-07-26 17:38 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-07-26 17:38 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-07-26 17:38 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-07-26 17:38 . 2015-07-26 17:38 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-07-26 17:38 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-07-26 17:38 . 2015-07-26 17:38 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-07-26 17:04 . 2015-07-26 17:04 -------- d-----w- c:\programdata\Malwarebytes
2015-07-26 13:42 . 2015-07-26 13:42 -------- d-----w- c:\program files\CCleaner
2015-07-19 19:16 . 2015-07-19 19:16 -------- d-----w- c:\program files (x86)\Ubisoft
2015-07-19 19:09 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2015-07-19 19:09 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2015-07-19 19:09 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2015-07-19 19:09 . 2005-04-03 20:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-07-19 19:09 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2015-07-19 19:09 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2015-07-19 19:09 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2015-07-19 19:09 . 2015-07-19 19:09 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2015-07-19 19:08 . 2015-07-19 19:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\.swt
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\Incomplete
2015-07-19 12:39 . 2015-07-19 12:39 -------- d-----w- c:\users\Domácí\AppData\Roaming\AVG
2015-07-19 12:38 . 2015-07-19 12:38 -------- d-----w- c:\users\Domácí\AppData\Local\Avg
2015-07-19 12:36 . 2015-07-19 12:36 -------- d--h--w- c:\programdata\Common Files
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Local\Opera Software
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Roaming\Opera Software
2015-07-19 12:33 . 2015-08-06 14:09 -------- d-----w- c:\program files (x86)\Opera
2015-07-19 12:32 . 2015-07-19 12:43 -------- d-----w- c:\users\Domácí\AppData\Roaming\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:41 -------- d-----w- c:\program files (x86)\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:31 -------- d-----w- c:\users\Domácí\AppData\Roaming\Temp
2015-07-19 08:54 . 2015-07-19 08:54 -------- d-----w- c:\users\Domácí\AppData\Roaming\YoudaGames
2015-07-19 08:53 . 2015-08-01 17:24 -------- d-----w- C:\Games
2015-07-18 19:12 . 2015-07-18 19:19 -------- d-----w- c:\program files (x86)\LAV Filters
2015-07-17 13:51 . 2015-07-17 13:51 -------- d-----w- c:\users\Domácí\AppData\Roaming\HeroesAndGeneralsDesktop
2015-07-17 12:07 . 2015-07-17 12:07 -------- d-----w- c:\users\Domácí\AppData\Local\Steam
2015-07-17 12:02 . 2015-07-26 17:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-07-17 12:02 . 2015-08-07 16:43 -------- d-----w- c:\program files (x86)\Steam
2015-07-17 11:19 . 2015-07-17 11:20 -------- d-----w- C:\commandos
2015-07-17 11:00 . 2015-07-17 11:00 3928 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2015-07-17 10:58 . 2015-07-17 10:58 -------- d-----w- c:\users\Domácí\AppData\Local\Downloaded Installations
2015-07-15 17:28 . 2015-07-15 17:28 -------- d-----w- c:\programdata\Riot Games
2015-07-15 17:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-07-15 17:25 . 2015-07-15 17:25 -------- d-----w- C:\Riot Games
2015-07-15 17:18 . 2015-07-15 17:26 -------- d-----w- c:\users\Domácí\AppData\Roaming\Riot Games
2015-07-15 12:46 . 2015-07-15 12:46 -------- d-----w- c:\users\Domácí\AppData\Local\UWebKit151
2015-07-15 12:46 . 2015-07-15 16:25 -------- d-----w- c:\programdata\boost_interprocess
2015-07-15 10:01 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 10:01 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 10:01 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 10:01 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 10:01 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 10:01 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 10:01 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 10:01 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 09:58 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 09:58 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:58 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 09:57 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 09:57 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 09:57 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 02:43 5923840 ----a-w- c:\windows\system32\jscript9.dll
2015-07-15 09:57 . 2015-06-27 01:58 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 01:39 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-07-15 09:48 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-15 09:48 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 09:48 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-15 09:48 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-15 09:48 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-07-15 11:51 . 2015-05-31 19:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 11:51 . 2015-05-31 19:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2015-05-31 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 09:47 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 09:47 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 20:40 . 2015-06-23 20:40 1945832 ----a-w- c:\program files (x86)\wrar521cz.exe
2015-06-23 18:14 . 2015-06-23 18:16 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-23 11:30 . 2015-05-31 14:02 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-01 01:16 . 2015-06-01 01:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-01 01:16 . 2015-06-01 01:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-01 01:16 . 2015-06-01 01:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-01 01:16 . 2015-06-01 01:16 235520 ----a-w- c:\windows\system32\url.dll
2015-06-01 01:16 . 2015-06-01 01:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-01 01:16 . 2015-06-01 01:16 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-01 01:16 . 2015-06-01 01:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-01 01:16 . 2015-06-01 01:16 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-01 01:16 . 2015-06-01 01:16 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-01 01:00 . 2015-06-01 01:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-05-31 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-05-31 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-05-25 18:24 . 2015-06-17 15:21 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-17 15:21 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-17 15:21 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-17 15:21 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-17 15:21 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-17 15:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-17 15:21 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-17 15:21 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-17 15:21 503808 ----a-w- c:\windows\system32\srcore.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 pr2apc6b;Death to Spies Drivers Auto Removal (pr2apc6b);c:\windows\system32\pr2apc6b.exe svc;c:\windows\SYSNATIVE\pr2apc6b.exe svc [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pe3apc6b;Death to Spies Environment Driver (pe3apc6b);c:\windows\system32\drivers\pe3apc6b.sys;c:\windows\SYSNATIVE\drivers\pe3apc6b.sys [x]
S0 ps7apc6b;Death to Spies Synchronization Driver (ps7apc6b);c:\windows\system32\drivers\ps7apc6b.sys;c:\windows\SYSNATIVE\drivers\ps7apc6b.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 18:30 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31 11:51]
.
2015-08-07 c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
2015-08-07 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-05-15 13877464]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.1.234 8.8.8.8
FF - ProfilePath - c:\users\Domácí\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-iWinArcade - c:\program files (x86)\iWin Games\Uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
.
**************************************************************************
.
Celkový čas: 2015-08-07 18:49:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-07 16:49
ComboFix2.txt 2015-08-07 13:59
.
Před spuštěním: Volných bajtů: 190 671 392 768
Po spuštění: Volných bajtů: 190 140 964 864
.
- - End Of File - - 3287957859FD93C2AF8D176040291042
A36C5E4F47E84449FF07ED3517B43A31

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:23, on 7.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
FIREFOX: 39.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
C:\Users\Domácí\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iWinTrusted - Unknown owner - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Death to Spies Drivers Auto Removal (pr2apc6b) (pr2apc6b) - Unknown owner - C:\Windows\system32\pr2apc6b.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6670 bytes
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.965 [GMT 2:00]
Spuštěný z: c:\users\Domácí\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Domácí\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Skillbrains\Updater\Updater.exe"
"c:\users\Domácí\AppData\Roaming\appdataFr25.bin"
"c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job"
"c:\windows\Tasks\update-sys.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.28.1\goopdate.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.130\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{2AE4C99F-0971-4018-AC81-2BF428E678EE}\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{3B06BBE1-5620-429B-898B-5B8DA091342E}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{3D802C52-5CC9-4A77-B51B-F70D9870518B}\44.0.2403.107_43.0.2357.134_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{AE1EBE39-812A-4E56-8775-28D6479D5089}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{C14D0771-FD82-4A35-A5F1-AEAABE7D92C1}\43.0.2357.130_chrome_installer.exe
c:\program files (x86)\Google\Update\Install\{CC4FB0B4-5056-4DE2-9833-D9CF116D5161}\43.0.2357.132_43.0.2357.130_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{DF40ED6C-357D-43AC-8A6A-2590165D0549}\43.0.2357.134_43.0.2357.132_chrome_updater.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\AVG
c:\programdata\AVG\AWL\AvgRep.xml
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\programdata\AVG\AWL005FA12460321E3194E5A0611BB3B86F.xml
c:\programdata\AVG\AWL2015\TTUSvc.tt
c:\programdata\AVG\AWL2015\TUProgRating.10.tudb
c:\programdata\AVG\AWL2015\TUReportData.10.tudb
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-07 do 2015-08-07 )))))))))))))))))))))))))))))))
.
.
2015-08-07 16:40 . 2015-08-07 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-07 15:45 . 2015-08-07 15:45 -------- d-----w- c:\users\Domácí\AppData\Local\CrashDumps
2015-08-07 14:06 . 2015-08-07 14:07 -------- d-----r- C:\Logy_malwarebytes_nada
2015-08-07 12:41 . 2015-08-07 12:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\offreg.4836.dll
2015-08-07 12:36 . 2015-08-07 12:37 -------- d-----w- c:\program files (x86)\Skillbrains
2015-08-07 11:30 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F2ECD9C-86E0-4C04-9D00-9E7A4A5692AD}\mpengine.dll
2015-08-07 10:30 . 2015-08-07 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-07 10:30 . 2015-08-07 16:43 -------- d-----w- c:\users\Domácí\AppData\Local\Temp
2015-08-07 10:21 . 2015-08-07 10:30 -------- d-----w- C:\zoek
2015-08-06 21:29 . 2015-08-07 09:28 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-06 21:29 . 2015-08-07 09:27 -------- d-----w- c:\programdata\RogueKiller
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 14:39 . 2015-08-07 09:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 14:38 . 2015-08-06 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-06 14:38 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-06 14:38 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 14:38 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-06 14:13 . 2015-08-06 17:34 -------- d-----w- C:\AdwCleaner
2015-08-05 14:31 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Common Files\LENOVO
2015-08-05 14:30 . 2015-08-05 14:30 -------- d-----w- c:\windows\Downloaded Installations
2015-08-05 14:30 . 2015-08-05 14:31 -------- d-----w- c:\program files (x86)\Lenovo
2015-08-05 14:29 . 2015-08-06 13:08 -------- d-----w- c:\users\Domácí\AppData\Roaming\BitTorrent
2015-08-05 14:07 . 2015-08-01 23:45 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-05 14:07 . 2005-02-14 16:03 164864 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\unzip.exe
2015-08-03 14:48 . 2015-08-03 14:48 -------- d-----w- c:\program files\Codemasters
2015-08-03 13:47 . 2015-08-03 13:56 -------- d-----w- c:\program files\Richard Burns Rally
2015-07-29 17:55 . 2015-07-29 17:55 -------- d-----w- c:\program files (x86)\TopCD
2015-07-28 19:26 . 2015-08-05 17:10 -------- d-----w- c:\users\Domácí\AppData\Roaming\TS3Client
2015-07-28 19:25 . 2015-07-28 19:25 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-07-28 12:30 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 12:30 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 12:30 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 12:30 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 12:30 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 12:30 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 12:30 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 12:30 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-27 18:29 . 2015-07-27 18:29 -------- d-----w- c:\program files (x86)\Illusion Softworks
2015-07-27 17:59 . 2015-07-27 17:59 -------- d-----w- c:\program files (x86)\City Interactive
2015-07-27 15:40 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-27 15:40 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-27 15:40 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-27 15:40 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-27 15:40 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-27 15:40 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-27 15:40 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-27 15:40 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-27 15:40 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-26 17:39 . 2015-07-26 17:39 -------- d-----w- c:\program files (x86)\Cenega Czech
2015-07-26 17:38 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-07-26 17:38 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-07-26 17:38 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-07-26 17:38 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-07-26 17:38 . 2015-07-26 17:38 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-07-26 17:38 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-07-26 17:38 . 2015-07-26 17:38 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-07-26 17:04 . 2015-07-26 17:04 -------- d-----w- c:\programdata\Malwarebytes
2015-07-26 13:42 . 2015-07-26 13:42 -------- d-----w- c:\program files\CCleaner
2015-07-19 19:16 . 2015-07-19 19:16 -------- d-----w- c:\program files (x86)\Ubisoft
2015-07-19 19:09 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2015-07-19 19:09 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2015-07-19 19:09 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2015-07-19 19:09 . 2005-04-03 20:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-07-19 19:09 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2015-07-19 19:09 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2015-07-19 19:09 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2015-07-19 19:09 . 2015-07-19 19:09 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2015-07-19 19:08 . 2015-07-19 19:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\.swt
2015-07-19 12:42 . 2015-07-19 12:42 -------- d-----w- c:\users\Domácí\Incomplete
2015-07-19 12:39 . 2015-07-19 12:39 -------- d-----w- c:\users\Domácí\AppData\Roaming\AVG
2015-07-19 12:38 . 2015-07-19 12:38 -------- d-----w- c:\users\Domácí\AppData\Local\Avg
2015-07-19 12:36 . 2015-07-19 12:36 -------- d--h--w- c:\programdata\Common Files
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Local\Opera Software
2015-07-19 12:35 . 2015-07-19 12:35 -------- d-----w- c:\users\Domácí\AppData\Roaming\Opera Software
2015-07-19 12:33 . 2015-08-06 14:09 -------- d-----w- c:\program files (x86)\Opera
2015-07-19 12:32 . 2015-07-19 12:43 -------- d-----w- c:\users\Domácí\AppData\Roaming\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:41 -------- d-----w- c:\program files (x86)\ZiggyTV
2015-07-19 12:31 . 2015-07-19 12:31 -------- d-----w- c:\users\Domácí\AppData\Roaming\Temp
2015-07-19 08:54 . 2015-07-19 08:54 -------- d-----w- c:\users\Domácí\AppData\Roaming\YoudaGames
2015-07-19 08:53 . 2015-08-01 17:24 -------- d-----w- C:\Games
2015-07-18 19:12 . 2015-07-18 19:19 -------- d-----w- c:\program files (x86)\LAV Filters
2015-07-17 13:51 . 2015-07-17 13:51 -------- d-----w- c:\users\Domácí\AppData\Roaming\HeroesAndGeneralsDesktop
2015-07-17 12:07 . 2015-07-17 12:07 -------- d-----w- c:\users\Domácí\AppData\Local\Steam
2015-07-17 12:02 . 2015-07-26 17:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-07-17 12:02 . 2015-08-07 16:43 -------- d-----w- c:\program files (x86)\Steam
2015-07-17 11:19 . 2015-07-17 11:20 -------- d-----w- C:\commandos
2015-07-17 11:00 . 2015-07-17 11:00 3928 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2015-07-17 10:58 . 2015-07-17 10:58 -------- d-----w- c:\users\Domácí\AppData\Local\Downloaded Installations
2015-07-15 17:28 . 2015-07-15 17:28 -------- d-----w- c:\programdata\Riot Games
2015-07-15 17:26 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-07-15 17:26 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-07-15 17:25 . 2015-07-15 17:25 -------- d-----w- C:\Riot Games
2015-07-15 17:18 . 2015-07-15 17:26 -------- d-----w- c:\users\Domácí\AppData\Roaming\Riot Games
2015-07-15 12:46 . 2015-07-15 12:46 -------- d-----w- c:\users\Domácí\AppData\Local\UWebKit151
2015-07-15 12:46 . 2015-07-15 16:25 -------- d-----w- c:\programdata\boost_interprocess
2015-07-15 10:01 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 10:01 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 10:01 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 10:01 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 10:01 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 10:01 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 10:01 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 10:01 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 10:01 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 10:01 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 09:58 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 09:58 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:58 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 09:57 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 09:57 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 09:57 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 02:43 5923840 ----a-w- c:\windows\system32\jscript9.dll
2015-07-15 09:57 . 2015-06-27 01:58 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-07-15 09:57 . 2015-06-27 01:39 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-07-15 09:48 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-15 09:48 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 09:48 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-15 09:48 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-15 09:48 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-15 09:48 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-06 21:27 . 2015-08-06 21:27 24 ----a-w- c:\users\Domácí\AppData\Roaming\appdataFr25.bin
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-08-01 23:45 . 2015-08-05 14:07 90624 ----a-w- c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
2015-07-15 11:51 . 2015-05-31 19:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 11:51 . 2015-05-31 19:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2015-05-31 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 09:47 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 09:47 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 20:40 . 2015-06-23 20:40 1945832 ----a-w- c:\program files (x86)\wrar521cz.exe
2015-06-23 18:14 . 2015-06-23 18:16 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-23 11:30 . 2015-05-31 14:02 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-01 01:16 . 2015-06-01 01:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-01 01:16 . 2015-06-01 01:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-01 01:16 . 2015-06-01 01:16 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-01 01:16 . 2015-06-01 01:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-01 01:16 . 2015-06-01 01:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-01 01:16 . 2015-06-01 01:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-01 01:16 . 2015-06-01 01:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-01 01:16 . 2015-06-01 01:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-01 01:16 . 2015-06-01 01:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-01 01:16 . 2015-06-01 01:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-01 01:16 . 2015-06-01 01:16 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-01 01:16 . 2015-06-01 01:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-01 01:16 . 2015-06-01 01:16 235520 ----a-w- c:\windows\system32\url.dll
2015-06-01 01:16 . 2015-06-01 01:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-01 01:16 . 2015-06-01 01:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-01 01:16 . 2015-06-01 01:16 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-01 01:16 . 2015-06-01 01:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-01 01:16 . 2015-06-01 01:16 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-01 01:16 . 2015-06-01 01:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-01 01:16 . 2015-06-01 01:16 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-01 01:16 . 2015-06-01 01:16 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-01 01:16 . 2015-06-01 01:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-01 01:16 . 2015-06-01 01:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-01 01:00 . 2015-06-01 01:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-01 01:00 . 2015-06-01 01:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-01 01:00 . 2015-06-01 01:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-01 01:00 . 2015-06-01 01:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-01 01:00 . 2015-06-01 01:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-01 01:00 . 2015-06-01 01:00 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-01 01:00 . 2015-06-01 01:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-01 01:00 . 2015-06-01 01:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-01 01:00 . 2015-06-01 01:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-01 01:00 . 2015-06-01 01:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-01 01:00 . 2015-06-01 01:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-05-31 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-05-31 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-05-25 18:24 . 2015-06-17 15:21 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-17 15:21 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-17 15:21 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-17 15:21 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-17 15:21 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-17 15:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-17 15:21 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-17 15:21 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-17 15:21 503808 ----a-w- c:\windows\system32\srcore.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 pr2apc6b;Death to Spies Drivers Auto Removal (pr2apc6b);c:\windows\system32\pr2apc6b.exe svc;c:\windows\SYSNATIVE\pr2apc6b.exe svc [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pe3apc6b;Death to Spies Environment Driver (pe3apc6b);c:\windows\system32\drivers\pe3apc6b.sys;c:\windows\SYSNATIVE\drivers\pe3apc6b.sys [x]
S0 ps7apc6b;Death to Spies Synchronization Driver (ps7apc6b);c:\windows\system32\drivers\ps7apc6b.sys;c:\windows\SYSNATIVE\drivers\ps7apc6b.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 18:30 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31 11:51]
.
2015-08-07 c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
2015-08-07 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-08-07 11:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-05-15 13877464]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.1.234 8.8.8.8
FF - ProfilePath - c:\users\Domácí\AppData\Roaming\Mozilla\Firefox\Profiles\5cas14th.default-1437122688180\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-iWinArcade - c:\program files (x86)\iWin Games\Uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
.
**************************************************************************
.
Celkový čas: 2015-08-07 18:49:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-07 16:49
ComboFix2.txt 2015-08-07 13:59
.
Před spuštěním: Volných bajtů: 190 671 392 768
Po spuštění: Volných bajtů: 190 140 964 864
.
- - End Of File - - 3287957859FD93C2AF8D176040291042
A36C5E4F47E84449FF07ED3517B43A31
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:23, on 7.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
FIREFOX: 39.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
C:\Users\Domácí\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iWinTrusted - Unknown owner - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Death to Spies Drivers Auto Removal (pr2apc6b) (pr2apc6b) - Unknown owner - C:\Windows\system32\pr2apc6b.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6670 bytes
- jaro3
- member of the Security team
Re: Log check - a cmd.exe system window keeps popping up on the desktop
Try manually deleting these files:
c:\users\Domácí\AppData\Roaming\appdataFr25.bin
c:\users\Domácí\AppData\Roaming\appdataFr25.bin
c:\users\Domácí\AppData\Roaming\appdataFr25.bin
c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
c:\users\Domácí\AppData\Roaming\Microsoft\Internet\ntchk32.exe
c:\windows\Tasks\update-S-1-5-21-1276532422-556126321-1161722947-1001.job
c:\program files (x86)\Skillbrains\Updater\Updater.exe
c:\windows\Tasks\update-sys.job
What about that file on VirusTotal?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support