Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Vozik_

Re: Please check my log

Post by Vozik_ » 21 Aug 2015 23:12

And is it safe..?

jaro3
Security team member

Re: Please check my log

Post by jaro3 » 21 Aug 2015 23:39

Nothing is safe these days :D And anything can happen..

ComboFix makes a backup, a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Vozik_

Re: Please check my log

Post by Vozik_ » 22 Aug 2015 12:43

ComboFix 15-08-20.01 - Václav 22.08.2015 12:32:35.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8174.6374 [GMT 2:00]
Spuštěný z: c:\users\Vßclav\Desktop\ComboFix.exe
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9269443805268577299UL
c:\programdata\9269443805268577299UL\07680ca2730990b366d03d26248b7721.ini
c:\programdata\9269443805268577299UL\0efc2c41e5cf7bcf66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\22d744506cad0c4c66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\2544e9905b19ed4866d03d26248b7721.ini
c:\programdata\9269443805268577299UL\28d0b1947fe8079166d03d26248b7721.ini
c:\programdata\9269443805268577299UL\2a8682a04d486def66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\3f0327b152e6b71266d03d26248b7721.ini
c:\programdata\9269443805268577299UL\4dc887bcc29b26c666d03d26248b7721.ini
c:\programdata\9269443805268577299UL\4ff6e7b3db4d05d466d03d26248b7721.ini
c:\programdata\9269443805268577299UL\50e10d8e3eb61d7166d03d26248b7721.ini
c:\programdata\9269443805268577299UL\638b22b38fe15e8c66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\79149b23a8da931e66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\7d3a17969ee8d54e66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\844ec49e407831a966d03d26248b7721.ini
c:\programdata\9269443805268577299UL\906b6fb1d09c124b66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\af302d532a5eb6b866d03d26248b7721.ini
c:\programdata\9269443805268577299UL\af7d149721897c8a66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\b51221b9bb463c1566d03d26248b7721.ini
c:\programdata\9269443805268577299UL\bb3b03074f60650f66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\bddd23884695b1ac66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\beca2007fdd0d58a66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\c007a25cf45c474966d03d26248b7721.ini
c:\programdata\9269443805268577299UL\c41b13d3505b7f3b66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\c9cd1ae9d4a3d15e66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\cc7b4f190afc6fac66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\d20502567d1fd40866d03d26248b7721.ini
c:\programdata\9269443805268577299UL\d43a473d94acb0b666d03d26248b7721.ini
c:\programdata\9269443805268577299UL\dc276ae9d91ac2fb66d03d26248b7721.ini
c:\programdata\9269443805268577299UL\ed5ddf5a88f3a96066d03d26248b7721.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-22 do 2015-08-22 )))))))))))))))))))))))))))))))
.
.
2015-08-22 10:40 . 2015-08-22 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-21 18:50 . 2015-08-21 18:33 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-21 18:50 . 2015-08-22 10:40 -------- d-----w- c:\users\Václav\AppData\Local\Temp
2015-08-21 18:50 . 2015-08-21 18:50 -------- d-----w- c:\users\Vßclav
2015-08-21 18:33 . 2015-08-21 18:47 -------- d-----w- C:\zoek_backup
2015-08-21 12:14 . 2015-08-22 07:21 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-21 12:13 . 2015-08-21 12:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-21 12:13 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-21 12:13 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-21 12:13 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-21 11:13 . 2015-08-21 18:08 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-21 11:13 . 2015-08-21 11:24 -------- d-----w- c:\programdata\RogueKiller
2015-08-17 11:18 . 2015-08-17 11:18 -------- d-----w- c:\program files\CCleaner
2015-08-13 08:53 . 2015-08-13 09:04 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-13 08:53 . 2015-08-13 09:04 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-12 17:57 . 2015-08-13 19:22 -------- d-----w- c:\program files (x86)\Google
2015-08-11 23:57 . 2015-08-12 08:57 19284168 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-08-03 11:40 . 2015-08-03 11:40 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 13:20 . 2014-03-01 14:57 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-13 13:20 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-13 13:16 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-06-10 08:20 . 2014-03-03 21:08 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 08:21 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 08:21 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 07:52 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 07:52 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:23 . 2015-06-10 07:52 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:21 . 2015-06-10 07:52 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:52 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:52 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:52 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:52 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:52 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:52 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 07:52 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 07:52 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:52 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:52 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:52 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 07:52 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 07:52 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 07:52 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 07:52 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:52 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 07:52 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:52 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:52 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:52 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:52 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:52 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:52 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:52 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 07:52 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 07:52 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 07:52 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 07:52 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 07:52 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 07:52 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 07:52 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 07:52 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 07:52 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 07:52 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 07:52 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 07:52 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 07:52 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 07:52 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 07:52 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 07:52 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 07:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-10 07:52 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-10 07:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-10 07:52 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-10 07:52 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 07:52 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 07:52 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 07:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 07:52 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 07:52 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\Václav\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Václav\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-08-30 676608]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"mswficwSrv"="c:\windows\system32\mswficw.vbe" [2014-07-06 649]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"Bonus.SSR.FR12"="c:\program files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" [2014-07-14 1517088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\qttask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" /boot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 CMUAC;Headset6400x1 Device Driver;c:\windows\system32\DRIVERS\Headset6400x1.SYS;c:\windows\SYSNATIVE\DRIVERS\Headset6400x1.SYS [x]
R3 cpuz134;cpuz134;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-14 17:24 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13 09:04]
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01 09:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,16,41,5a,f9,a4,94,61,86,f9,17,3b,2d,a9,95,f5,44,3a,e8,55,70,
69,8f,02,48,d1,be,73,1f,bf,ae,a6,5d,e1,f6,ac,7f,8c,0c,08,a0,b2,b8,cd,59,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-22 12:42:22
ComboFix-quarantined-files.txt 2015-08-22 10:42
.
Před spuštěním: Volných bajtů: 184 319 705 088
Po spuštění: Volných bajtů: 183 935 623 168
.
- - End Of File - - 3D4AB83792AF9538E23849B173F86173
A36C5E4F47E84449FF07ED3517B43A31

Orcus
Security team member

Re: Please check my log

Post by Orcus » 22 Aug 2015 12:53

In Folder Options, enable showing hidden files and folders, and untick the checkbox "Hide protected operating system files".

Test these on VirusTotal:
c:\windows\system32\drivers\rzpnk.sys
c:\windows\system32\drivers\rzpmgrk.sys

Click Choose File to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by several antivirus programs one after another. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

Uninstall:
McAfee Security Scan
AVG PC TuneUp

Open Notepad (Start -> Run... and type Notepad into the box and click OK).
Copy the entire following text marked in red into it:

ClearJavaCache::

KillAll::

Collect::
c:\windows\system32\mswficw.vbe
c:\windows\system32\msstp.vbe

File::
c:\windows\system32\mswficw.vbe
c:\windows\system32\msstp.vbe
c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
c:\windows\Tasks\Adobe Flash Player Updater.job

Folder::
c:\program files\McAfee Security Scan
c:\program files (x86)\Skype\Updater


Driver::
SkypeUpdate

RegLock::
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,16,41,5a,f9,a4,94,61,86,f9,17,3b,2d,a9,95,f5,44,3a,e8,55,70,
69,8f,02,48,d1,be,73,1f,bf,ae,a6,5d,e1,f6,ac,7f,8c,0c,08,a0,b2,b8,cd,59,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe
and when the two files overlap, drop the script.



- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process

Warning: It may happen that after applying the script and restarting the computer Windows does not boot; in that case restart the computer again, press F8 and choose Last Known Good Configuration.

====================================================

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If it is too long, split it into several messages.

A few PC security tips.

During my absence, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.
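The two entries that the script above removes ("mswficwSrv" and "MSStp") stand out in the ComboFix "Run" section for a reason a reviewer applies by eye: a startup entry that launches a .vbe file of a few hundred bytes from system32 is not how legitimate software registers itself. The following script is an added example, not code from the forum or from ComboFix; it parses the Run-key section of a ComboFix log and flags entries whose target is a script-host file, is tiny, or runs from a temp directory. The sample log text is taken from the lines posted above; the extension list and the 4096-byte threshold are assumptions chosen for this example.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Extensions executed by Windows Script Host, mshta or cmd. An autorun that
# points at one of these is unusual for installed software (assumed list).
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".ps1"}
TINY_BYTES = 4096  # assumed threshold: compiled launchers are almost never this small

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# ComboFix Run-key line: "Name"="c:\path\file.ext" [optional args] [YYYY-MM-DD size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?P<rest>.*)$')
META = re.compile(r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]")

# Constructed sample: Run-key lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"mswficwSrv"="c:\windows\system32\mswficw.vbe" [2014-07-06 649]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\qttask.exe" -atboottime
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" /boot
"""


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    args: str
    date: Optional[str]
    size: Optional[int]
    reasons: List[str] = field(default_factory=list)


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect value lines that sit under a ...\\Run or ...\\Run- key.
    ComboFix lists entries it has disabled under the 'Run-' key; they are
    kept here because they still describe what was configured to start."""
    entries: List[RunEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or key.lower().split("\\")[-1] not in ("run", "run-"):
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue  # separators ('.') and anything unparsable
        rest = m.group("rest")
        meta = META.search(rest)
        date = meta.group("date") if meta else None
        size = int(meta.group("size")) if meta else None
        args = META.sub("", rest).strip()
        entries.append(RunEntry(key, m.group("name"), m.group("path"), args, date, size))
    return entries


def triage(entries: List[RunEntry]) -> List[RunEntry]:
    """Return the entries that match at least one review heuristic, with
    the reasons recorded on each entry."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        ext = ntpath.splitext(p)[1]  # ntpath understands backslash paths on any OS
        if ext in SCRIPT_EXTS:
            e.reasons.append(f"script launcher ({ext})")
        if e.size is not None and e.size < TINY_BYTES:
            e.reasons.append(f"tiny file ({e.size} bytes)")
        if "\\temp\\" in p or "\\appdata\\local\\temp" in p:
            e.reasons.append("runs from a temp directory")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_run_entries(SAMPLE_LOG)):
        print(f"{e.name}: {e.path}  <- {'; '.join(e.reasons)}")
```

Run against the sample, the two .vbe launchers are the only entries reported, each for two reasons (script extension and size under the threshold); every .exe entry passes. The heuristics are deliberately cheap so they can be run over a whole log before the slower step of submitting individual files to VirusTotal, as the post above asks for the Razer drivers.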

Vozik_

Re: Please check my log

Post by Vozik_ » 22 Aug 2015 14:10

ComboFix 15-08-20.01 - Václav 22.08.2015 14:02:00.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8174.6357 [GMT 2:00]
Spuštěný z: c:\users\Vßclav\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vßclav\Desktop\CFScript.txt
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-22 do 2015-08-22 )))))))))))))))))))))))))))))))
.
.
2015-08-22 12:08 . 2015-08-22 12:08 -------- d-----w- c:\users\V clav\AppData\Local\temp
2015-08-22 12:08 . 2015-08-22 12:08 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-08-22 12:08 . 2015-08-22 12:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-22 12:08 . 2015-08-22 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-22 12:08 . 2015-08-22 12:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-21 18:50 . 2015-08-21 18:33 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-21 18:50 . 2015-08-22 12:08 -------- d-----w- c:\users\Václav\AppData\Local\Temp
2015-08-21 18:50 . 2015-08-21 18:50 -------- d-----w- c:\users\Vßclav
2015-08-21 18:33 . 2015-08-21 18:47 -------- d-----w- C:\zoek_backup
2015-08-21 11:13 . 2015-08-21 18:08 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-21 11:13 . 2015-08-21 11:24 -------- d-----w- c:\programdata\RogueKiller
2015-08-17 11:18 . 2015-08-17 11:18 -------- d-----w- c:\program files\CCleaner
2015-08-13 08:53 . 2015-08-13 09:04 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-13 08:53 . 2015-08-13 09:04 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-12 17:57 . 2015-08-13 19:22 -------- d-----w- c:\program files (x86)\Google
2015-08-11 23:57 . 2015-08-12 08:57 19284168 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 13:20 . 2014-03-01 14:57 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-13 13:20 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-13 13:16 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-06-10 08:20 . 2014-03-03 21:08 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 08:21 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 08:21 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 07:52 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 07:52 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:23 . 2015-06-10 07:52 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:21 . 2015-06-10 07:52 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:52 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:52 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:52 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:52 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:52 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:52 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 07:52 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 07:52 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:52 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:52 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:52 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 07:52 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 07:52 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 07:52 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 07:52 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:52 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 07:52 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:52 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:52 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:52 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:52 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:52 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:52 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:52 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 07:52 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 07:52 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 07:52 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 07:52 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 07:52 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 07:52 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 07:52 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 07:52 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 07:52 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 07:52 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 07:52 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 07:52 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 07:52 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 07:52 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 07:52 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 07:52 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 07:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-10 07:52 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-10 07:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-10 07:52 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-10 07:52 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 07:52 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 07:52 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 07:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 07:52 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 07:52 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\Václav\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Václav\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-08-30 676608]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"mswficwSrv"="c:\windows\system32\mswficw.vbe" [2014-07-06 649]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"Bonus.SSR.FR12"="c:\program files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" [2014-07-14 1517088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\qttask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" /boot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 CMUAC;Headset6400x1 Device Driver;c:\windows\system32\DRIVERS\Headset6400x1.SYS;c:\windows\SYSNATIVE\DRIVERS\Headset6400x1.SYS [x]
R3 cpuz134;cpuz134;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-14 17:24 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13 09:04]
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01 09:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,16,41,5a,f9,a4,94,61,86,f9,17,3b,2d,a9,95,f5,44,3a,e8,55,70,
69,8f,02,48,d1,be,73,1f,bf,ae,a6,5d,e1,f6,ac,7f,8c,0c,08,a0,b2,b8,cd,59,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-22 14:10:07
ComboFix-quarantined-files.txt 2015-08-22 12:10
ComboFix2.txt 2015-08-22 10:42
.
Před spuštěním: Volných bajtů: 184 097 177 600
Po spuštění: Volných bajtů: 183 769 907 200
.
- - End Of File - - 39B6024E441899BF4592D56F5B3AF803
A36C5E4F47E84449FF07ED3517B43A31

Vozik_

Re: Please check my log

Post by Vozik_ » 22 Aug 2015 14:20

And these two, c:\windows\system32\drivers\rzpnk.sys and c:\windows\system32\drivers\rzpmgrk.sys, that site simply does not find...

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-08-22 14:16:55
-----------------------------
14:16:55.376 OS Version: Windows x64 6.1.7601 Service Pack 1
14:16:55.376 Number of processors: 6 586 0x200
14:16:55.376 ComputerName: PC UserName:
14:16:56.078 Initialize success
14:16:56.125 VM: initialized successfully
14:16:56.125 VM: Amd CPU BiosDisabled
14:17:01.268 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:17:01.283 Disk 0 Vendor: WDC_WD10EZEX-00BN5A0 01.01A01 Size: 953869MB BusType: 3
14:17:01.283 Disk 0 MBR read successfully
14:17:01.299 Disk 0 MBR scan
14:17:01.299 Disk 0 Windows 7 default MBR code
14:17:01.299 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:17:01.299 Disk 0 Boot: NTFS code=2
14:17:01.315 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 453768 MB offset 206848
14:17:01.330 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 499999 MB offset 929523712
14:17:01.346 Disk 0 scanning C:\Windows\system32\drivers
14:17:05.636 Service scanning
14:17:15.324 Modules scanning
14:17:15.324 Disk 0 trace - called modules:
14:17:15.339 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069b42c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:17:15.339 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bba790]
14:17:15.339 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8006ad5920]
14:17:15.355 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80078b2060]
14:17:15.355 \Driver\atapi[0xfffffa8006ad4cb0] -> IRP_MJ_CREATE -> 0xfffffa80069b42c0
14:17:15.355 Disk 0 statistics 88768/0/0 @ 11,30 MB/s
14:17:15.355 Scan finished successfully
14:18:05.337 Disk 0 MBR has been saved successfully to "C:\Users\Václav\Desktop\MBR.dat"
14:18:05.353 The log file has been saved successfully to "C:\Users\Václav\Desktop\aswMBR.txt"

jaro3 (Security team member)

Re: Please check my log

Post by jaro3 » 22 Aug 2015 23:46

The files belong to Razer.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text, marked in green, into it:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\system32\mswficw.vbe
c:\windows\system32\msstp.vbe

Folder::
c:\program files (x86)\Skype\Updater

Driver::
SkypeUpdate
cpuz134

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mswficwSrv"=-
"MSStp"=-

RegLock::
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,16,41,5a,f9,a4,94,61,86,f9,17,3b,2d,a9,95,f5,44,3a,e8,55,70,
 69,8f,02,48,d1,be,73,1f,bf,ae,a6,5d,e1,f6,ac,7f,8c,0c,08,a0,b2,b8,cd,59,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to your desktop.
Close all active windows.

Drag the created script CFScript.txt with the mouse onto the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: it can happen that after running ComboFix and restarting the computer Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, keep pressing F8 after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
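As an added illustration, not from this thread and not part of ComboFix, here is a small Python triage script that reads the autorun and service sections of a ComboFix log in the format quoted above and flags the same kind of entries the CFScript targets (script-host files registered under Run, tiny "services", images loaded from Temp). The sample lines are constructed from the log in this thread; the function names and the heuristics are my own.

```python
import ntpath
import re
from collections import namedtuple

# Sample ComboFix lines, constructed from the log quoted in this thread
# (two Run keys, the msconfig-disabled "run-" key and two service lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"mswficwSrv"="c:\windows\system32\mswficw.vbe" [2014-07-06 649]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" /boot
.
R3 cpuz134;cpuz134;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?P<rest>.*)$')
SIZE_RE = re.compile(r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$")
# ComboFix service/driver line: "<start> <name>;<display name>;<image>;<image> [x]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^;]+);")

SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
TINY_BYTES = 4096  # an autorun "service" smaller than this deserves a look

Finding = namedtuple("Finding", "kind name path reasons")


def reasons_for(path, size=None):
    """Return the heuristic reasons an autorun/service image deserves review (my heuristics)."""
    low = path.lower()
    ext = ntpath.splitext(low)[1]
    reasons = []
    if ext in SCRIPT_EXTS:
        reasons.append(f"autorun points to a script-host file ({ext})")
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("image is loaded from a Temp directory")
    if size is not None and size < TINY_BYTES:
        reasons.append(f"file is only {size} bytes")
    return reasons


def scan_combofix(text):
    """Walk a ComboFix log and collect Run values and services that match a heuristic."""
    findings = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        value = VALUE_RE.match(line)
        if value:
            # Entries under "run-" were disabled with msconfig and do not execute,
            # so only keys that really end in \Run are inspected.
            if current_key and current_key.lower().endswith("\\run"):
                size_m = SIZE_RE.search(value.group("rest"))
                size = int(size_m.group("size")) if size_m else None
                reasons = reasons_for(value.group("path"), size)
                if reasons:
                    findings.append(Finding("Run", value.group("name"), value.group("path"), reasons))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            reasons = reasons_for(svc.group("image"))
            if reasons:
                findings.append(Finding(svc.group("start"), svc.group("name"), svc.group("image"), reasons))
    return findings


if __name__ == "__main__":
    for f in scan_combofix(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print("    -", r)
```

On the sample above it reports mswficwSrv and MSStp (the two .vbe entries the CFScript deletes) and the cpuz134 driver loaded from Temp, while leaving the ordinary Run entries and the disabled "run-" entry alone.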

Vozik_

Re: Please check my log

Post by Vozik_ » 23 Aug 2015 11:35

ComboFix 15-08-20.01 - Václav 23.08.2015 11:23:07.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8174.6586 [GMT 2:00]
Spuštěný z: c:\users\Vßclav\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vßclav\Desktop\CFScript.txt
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-23 do 2015-08-23 )))))))))))))))))))))))))))))))
.
.
2015-08-23 09:32 . 2015-08-23 09:32 -------- d-----w- c:\users\V clav\AppData\Local\temp
2015-08-23 09:32 . 2015-08-23 09:32 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-08-23 09:32 . 2015-08-23 09:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-23 09:32 . 2015-08-23 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-23 09:32 . 2015-08-23 09:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-21 18:50 . 2015-08-21 18:33 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-21 18:50 . 2015-08-23 09:32 -------- d-----w- c:\users\Václav\AppData\Local\Temp
2015-08-21 18:50 . 2015-08-21 18:50 -------- d-----w- c:\users\Vßclav
2015-08-21 18:33 . 2015-08-21 18:47 -------- d-----w- C:\zoek_backup
2015-08-21 11:13 . 2015-08-21 18:08 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-21 11:13 . 2015-08-21 11:24 -------- d-----w- c:\programdata\RogueKiller
2015-08-17 11:18 . 2015-08-17 11:18 -------- d-----w- c:\program files\CCleaner
2015-08-13 08:53 . 2015-08-13 09:04 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-13 08:53 . 2015-08-13 09:04 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-12 17:57 . 2015-08-13 19:22 -------- d-----w- c:\program files (x86)\Google
2015-08-11 23:57 . 2015-08-12 08:57 19284168 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 13:20 . 2014-03-01 14:57 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-13 13:20 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-13 13:16 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-06-10 08:20 . 2014-03-03 21:08 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 08:21 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 08:21 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 07:52 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 07:52 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:23 . 2015-06-10 07:52 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:21 . 2015-06-10 07:52 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:52 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:52 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:52 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:52 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:52 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:52 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 07:52 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 07:52 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:52 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:52 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:52 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 07:52 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 07:52 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 07:52 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 07:52 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:52 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 07:52 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:52 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:52 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:52 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:52 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:52 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:52 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:52 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 07:52 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 07:52 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 07:52 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 07:52 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 07:52 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 07:52 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 07:52 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 07:52 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 07:52 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 07:52 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 07:52 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 07:52 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 07:52 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 07:52 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 07:52 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 07:52 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 07:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-10 07:52 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-10 07:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-10 07:52 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-10 07:52 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 07:52 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 07:52 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 07:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 07:52 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 07:52 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\Václav\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Václav\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-08-30 676608]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"mswficwSrv"="c:\windows\system32\mswficw.vbe" [2014-07-06 649]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"Bonus.SSR.FR12"="c:\program files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" [2014-07-14 1517088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\qttask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" /boot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 CMUAC;Headset6400x1 Device Driver;c:\windows\system32\DRIVERS\Headset6400x1.SYS;c:\windows\SYSNATIVE\DRIVERS\Headset6400x1.SYS [x]
R3 cpuz134;cpuz134;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-14 17:24 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13 09:04]
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01 09:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,16,41,5a,f9,a4,94,61,86,f9,17,3b,2d,a9,95,f5,44,3a,e8,55,70,
69,8f,02,48,d1,be,73,1f,bf,ae,a6,5d,e1,f6,ac,7f,8c,0c,08,a0,b2,b8,cd,59,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-23 11:34:24
ComboFix-quarantined-files.txt 2015-08-23 09:34
ComboFix2.txt 2015-08-22 12:10
ComboFix3.txt 2015-08-22 10:42
.
Před spuštěním: Volných bajtů: 183 578 689 536
Po spuštění: Volných bajtů: 183 114 616 832
.
- - End Of File - - 211D8104FA34A0197E5FDAE648AC709D
A36C5E4F47E84449FF07ED3517B43A31


Re: Please check my log

Post by jaro3 » 23 Aug 2015 16:30

You're probably not copying all of it; there is a scrollbar on the right next to the script. Try it again, the whole thing, in Safe Mode.


Re: Please check my log

Post by Vozik_ » 23 Aug 2015 17:50

ComboFix 15-08-20.01 - Václav 23.08.2015 17:37:16.4.6 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8174.7036 [GMT 2:00]
Spuštěný z: c:\users\Vßclav\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vßclav\Desktop\CFScript.txt
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-23 do 2015-08-23 )))))))))))))))))))))))))))))))
.
.
2015-08-23 15:45 . 2015-08-23 15:45 -------- d-----w- c:\users\V clav\AppData\Local\temp
2015-08-23 15:45 . 2015-08-23 15:45 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-08-23 15:45 . 2015-08-23 15:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-23 15:45 . 2015-08-23 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-23 15:45 . 2015-08-23 15:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-21 18:50 . 2015-08-21 18:33 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-21 18:50 . 2015-08-23 15:45 -------- d-----w- c:\users\Václav\AppData\Local\Temp
2015-08-21 18:50 . 2015-08-21 18:50 -------- d-----w- c:\users\Vßclav
2015-08-21 18:33 . 2015-08-21 18:47 -------- d-----w- C:\zoek_backup
2015-08-21 11:13 . 2015-08-21 18:08 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-21 11:13 . 2015-08-21 11:24 -------- d-----w- c:\programdata\RogueKiller
2015-08-17 11:18 . 2015-08-17 11:18 -------- d-----w- c:\program files\CCleaner
2015-08-13 08:53 . 2015-08-13 09:04 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-13 08:53 . 2015-08-13 09:04 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-12 17:57 . 2015-08-13 19:22 -------- d-----w- c:\program files (x86)\Google
2015-08-11 23:57 . 2015-08-12 08:57 19284168 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 13:20 . 2014-03-01 14:57 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-13 13:20 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-13 13:16 . 2014-03-01 14:37 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-06-10 08:20 . 2014-03-03 21:08 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 08:21 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 08:21 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 07:52 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 07:52 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:23 . 2015-06-10 07:52 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:21 . 2015-06-10 07:52 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:52 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:52 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:52 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:52 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:52 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:52 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 07:52 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 07:52 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:52 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:52 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:52 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 07:52 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 07:52 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 07:52 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 07:52 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:52 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 07:52 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:52 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-10 07:52 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:52 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:52 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 07:52 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:52 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:52 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:52 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:52 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 07:52 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 07:52 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 07:52 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 07:52 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 07:52 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 07:52 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 07:52 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 07:52 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 07:52 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:52 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 07:52 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 07:52 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 07:52 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 07:52 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 07:52 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 07:52 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 07:52 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 07:52 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 07:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-10 07:52 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-10 07:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-10 07:52 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-10 07:52 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 07:52 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 07:52 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 07:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 07:52 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 07:52 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 07:52 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 222920 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\Václav\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Václav\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-08-30 676608]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"mswficwSrv"="c:\windows\system32\mswficw.vbe" [2014-07-06 649]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"Bonus.SSR.FR12"="c:\program files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" [2014-07-14 1517088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\qttask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" /boot
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
R2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
R2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 CMUAC;Headset6400x1 Device Driver;c:\windows\system32\DRIVERS\Headset6400x1.SYS;c:\windows\SYSNATIVE\DRIVERS\Headset6400x1.SYS [x]
R3 cpuz134;cpuz134;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\VCLAV~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-14 17:24 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13 09:04]
.
2015-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01 09:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 08:44 261832 ----a-w- c:\users\Václav\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,16,41,5a,f9,a4,94,61,86,f9,17,3b,2d,a9,95,f5,44,3a,e8,55,70,
69,8f,02,48,d1,be,73,1f,bf,ae,a6,5d,e1,f6,ac,7f,8c,0c,08,a0,b2,b8,cd,59,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-23 17:47:29
ComboFix-quarantined-files.txt 2015-08-23 15:47
ComboFix2.txt 2015-08-23 09:34
ComboFix3.txt 2015-08-22 12:10
ComboFix4.txt 2015-08-22 10:42
.
Před spuštěním: Volných bajtů: 182 969 843 712
Po spuštění: Volných bajtů: 182 772 436 992
.
- - End Of File - - C1893CBCF33F57C3C9BC27F7604EB7B0
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 23 Aug 2015 22:10

Somehow it isn't working out..

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Download the program OTM (by OldTimer)
and save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):

Code:

:Processes
explorer.exe

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mswficwSrv"=-
"MSStp"=-

:Files
c:\windows\system32\mswficw.vbe
c:\windows\system32\msstp.vbe
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is also saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
C:\_OTMoveIt\MovedFiles\********_******.log
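The two .vbe entries that the OTM script above removes stand out in the log's Run section on form alone: script files rather than executables, dropped loose under system32, a few hundred bytes in size. As an added example (not part of this thread, of ComboFix or of OTM), this Python triage parses Run-key lines in ComboFix's format over a constructed sample and attaches a reason to every live autorun that trips one of those checks; the extension list and the 4096-byte size threshold are my own assumptions.

```python
import ntpath
import re

# Constructed sample in the ComboFix "Run" format above: a normal autorun, the two .vbe entries, a 'run-' entry.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"mswficwSrv"="c:\windows\system32\mswficw.vbe" [2014-07-06 649]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\qttask.exe" -atboottime
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?P<args>[^\[]*?)\s*'
                      r'(?:\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$')  # tail optional
SCRIPT_EXTS = {'.vbe', '.vbs', '.js', '.jse', '.wsf', '.bat', '.cmd', '.ps1', '.hta'}
TINY_BYTES = 4096  # assumed heuristic: genuine application launchers are far larger than this

def parse_autoruns(text: str) -> list[dict]:
    """Return one dict per value line, tagged with the registry key it sits under."""
    runs, key = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := ENTRY_RE.match(line)):
            runs.append({'key': key, 'name': m['name'], 'path': m['path'], 'date': m['date'],
                         'args': m['args'].strip(), 'size': int(m['size']) if m['size'] else None})
    return runs

def reasons(run: dict) -> list[str]:
    """One string per heuristic the entry trips; an empty list means nothing odd."""
    low, out = run['path'].lower(), []
    ext = ntpath.splitext(low)[1]
    if ext in SCRIPT_EXTS:                      # installers ship .exe/.dll, not scripts
        out.append(f'script-based autorun ({ext})')
        if low.startswith('c:\\windows\\'):    # nor do they drop loose scripts here
            out.append('script dropped directly under the Windows directory')
    if run['size'] is not None and run['size'] < TINY_BYTES:
        out.append(f'tiny image ({run["size"]} bytes)')
    return out

def suspicious_autoruns(text: str) -> dict[str, list[str]]:
    """Name -> reasons for every live autorun; 'run-' entries are disabled, so skipped."""
    return {r['name']: why for r in parse_autoruns(text)
            if not r['key'].lower().endswith('\\run-') and (why := reasons(r))}
```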

Vozik_
Level 1
Posts: 87
Registered: August 15
Gender: Male
Status: Offline

Re: Please check my log

Post by Vozik_ » 23 Aug 2015 23:33

I have a problem: the uninstall for ComboFix isn't showing up for me...

