Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my log

Post by SamerLP » 04 Mar 2016 20:51

Hello, I'd like to ask for a log check. The problem is that today I downloaded a program called SimpleDownloads. I downloaded it because I was downloading a file through it; the site said that this is how I would get the file. The file I wanted to download through this program downloaded fine, but ever since the installation my antivirus keeps reporting things I don't understand, and the files in quarantine also say something about trojan horses or viruses. So here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:54, on 4. 3. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 44.0.2 (x86 sk)
Boot mode: Normal

Running processes:
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Samerko\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.com/wpad.dat?61eb67565c1 ... 9697097475
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: PDF Architect 4 Helper - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - Startup: Monitor Ink Alerts - HP Deskjet 1510 series.lnk = ?
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
O4 - Global Startup: Newgen.lnk = C:\Program Files (x86)\Win8.1 SkinPack\Newgen\Newgen.exe
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PDF Architect 4 - pdfforge GmbH - C:\Program Files\PDF Architect 4\ws.exe
O23 - Service: PDF Architect 4 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 4\crash-handler-ws.exe
O23 - Service: PDF Architect 4 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 4\creator-ws.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13886 bytes
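An added example, not part of the original post and not HijackThis's own code: a small Python triage script that parses HJT-style `R`/`O` entries and flags the kinds of lines a helper looks at first, namely a proxy auto-config (AutoConfigURL) pulled from an external host, a hosts-file entry that sinks a security vendor's domain, an autorun launched from a user-writable folder, and DNS resolvers outside an allowlist. The sample lines are copied from the log above (the AutoConfigURL value is the full one that appears later in the thread's Malwarebytes log), except the `O4` autorun line, which is constructed to exercise that check; the resolver allowlist, vendor-name list and user-writable path fragments are this script's own assumptions, not HJT rules.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis log in the post above,
# plus one made-up O4 autorun line (AppData path) to exercise that check.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.com/wpad.dat?61eb67565c17a41a790ccbe50b6919697097475
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O4 - HKCU\..\Run: [SimpleDownloads] C:\Users\Samerko\AppData\Roaming\SimpleFiles\downloader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# One HJT entry per line: "<section code> - <body>"
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")

# Assumptions (this script's own heuristics, not HijackThis rules):
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}  # resolvers the operator trusts
VENDOR_HINTS = ("mcafee", "eset", "malwarebytes", "microsoft", "kaspersky", "avast")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_hjt(text):
    """Return (section code, body) pairs for every R/F/O entry in a HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _is_local_host(host):
    """True for an empty, loopback, private-range or .local host."""
    if not host or host.endswith(".local"):
        return True
    try:
        return ipaddress.ip_address(host).is_private  # covers 127/8 and RFC 1918
    except ValueError:
        return False  # a public DNS name


def triage(entries):
    """Apply a few defender-side checks and return a list of findings."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and "AutoConfigURL" in body:
            # A PAC file fetched from a public host lets that host route every browser request.
            url = body.split("=", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if url and not _is_local_host(host):
                findings.append({"severity": "high", "code": code,
                                 "reason": f"proxy auto-config served from external host {host}",
                                 "entry": body})
        elif code == "O1":
            # "Hosts: <ip> <name>"; sinking a security vendor's domain blocks its updates/scans.
            parts = body.split(":", 1)[1].split()
            if len(parts) == 2 and any(h in parts[1].lower() for h in VENDOR_HINTS):
                findings.append({"severity": "high", "code": code,
                                 "reason": f"hosts file overrides vendor domain {parts[1]}",
                                 "entry": body})
        elif code == "O4":
            # "[name] <path>"; autoruns from user-writable folders deserve a closer look.
            path = body.split("]", 1)[-1].strip().strip('"').lower()
            if any(frag in path for frag in USER_WRITABLE):
                findings.append({"severity": "medium", "code": code,
                                 "reason": "autorun from a user-writable location",
                                 "entry": body})
        elif code == "O17" and "NameServer" in body:
            servers = [s.strip() for s in body.split("=", 1)[1].split(",")]
            unknown = [s for s in servers if s not in KNOWN_RESOLVERS]
            if unknown:
                findings.append({"severity": "medium", "code": code,
                                 "reason": f"unexpected DNS resolver(s): {', '.join(unknown)}",
                                 "entry": body})
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f['severity']:>6}] {f['code']}: {f['reason']}\n         {f['entry']}")
```

On the log above the script reports the `un-stop.com` PAC entry and the `mcafee.com` hosts override as high, which matches what the helpers go after first; the Google resolvers in the `O17` line pass the allowlist. Everything else in the log (`O4`, `O23`) still needs a human eye, so treat the output as a first pass, not a verdict.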

jerabina (Security team member)

Re: Please check my log

Post by jerabina » 04 Mar 2016 21:08

Uninstall everything from McAfee

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the recycle bin, etc.

- If you only use Google Chrome, you don't need to use ATF.

===================================================

Download TFC
Open the file and close all other windows, then click Start to begin the process. It shouldn't take long.
The PC should then restart; if it doesn't, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its whole contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click Finish
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- after the program finishes, a message appears in the lower right; click Copy to clipboard and paste the whole log here.

- then click Exit; a message appears, choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.
If you don't know what to do next, it's time to read the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Re: Please check my log

Post by SamerLP » 05 Mar 2016 15:01

I've uninstalled McAfee.

AdwCleaner:

# AdwCleaner v5.037 - Logfile created 04/03/2016 at 21:55:34
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Samerko - SAMERKO-PC
# Running from : C:\Users\Samerko\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\LuckyBrowse
Folder Found : C:\Program Files (x86)\SimpleFiles
Folder Found : C:\ProgramData\LuckyBrowse
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
Folder Found : C:\Users\Samerko\AppData\Roaming\SimpleFiles
Folder Found : C:\Windows\SysNative\Tasks\LuckyBrowse

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Public\Desktop\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Maxthon Cloud Browser.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry\The Sims 4\The Sims 4.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Samerko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Samerko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Samerko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Samerko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Samerko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Maxthon Cloud Browser.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Samerko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )
Shortcut Infected : C:\Users\Samerko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Maxthon Cloud Browser.lnk ( "hxxp://esurf.biz/?ssid=1457089747&a=1024132&src=sh&uuid=d2a8925e-ff9e-4b5f-9bdd-a83c4ba9fab8" )

***** [ Scheduled tasks ] *****

Task Found : LuckyBrowse

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\SimpleFiles
Key Found : HKLM\SOFTWARE\LuckyBrowse
Key Found : HKLM\SOFTWARE\SimpleFiles
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{824C9FDA-4615-462F-80F5-EAE0074303B0}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D768D6FB-D889-4594-BC03-84169DB2570E}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0833D652-49A9-4E65-BA1D-8767587CEEC7}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{A7108BB3-9E59-4ED0-9158-D6788FC4D7A1}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6C7BDB8A-7B50-490F-9FF8-3F13F94651B6}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7204F593-8DAB-4EBE-B61B-2EBCE425656E}]

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [4945 bytes] - [04/03/2016 21:55:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5018 bytes] ##########


Malwarebytes' Anti-Malware (it took a long time, but it found quite a lot):

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 5. 3. 2016
Čas skenování: 13:32
Protokol:
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.05.03
Databáze rootkitů: v2016.02.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Samerko

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 487059
Uplynulý čas: 1 hod, 25 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 8
PUP.Optional.LuckyBrowse, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DA91CEB6-3789-4D08-8986-558C00FD9625}, , [12151b69fe9b65d1f1f4d33625de7d83],
PUP.Optional.LuckyBrowse, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LuckyBrowse, , [c5623d47a4f5b1851d653629d52f06fa],
PUP.Optional.LuckyBrowse.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\LuckyBrowse, , [998e73113a5f39fdf0e8977db54eb050],
PUP.Optional.SimpleFiles, HKLM\SOFTWARE\WOW6432NODE\SIMPLEFILES, , [a97e6f151188d660e19af7736a9af907],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\Conduit, , [72b5a1e304955ed8a383bfbc19eb10f0],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT2612669, , [a87f5e26c0d9fe384fdd766b36cd1ce4],
PUP.Optional.WinZipRegOp, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\NICO MAK COMPUTING\WinZip Registry Optimizer, , [52d5a9dbd9c0270f2ea94e1a2cd809f7],
PUP.Optional.SimpleFiles, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\SIMPLEFILES, , [6dbac7bde4b5092d58229bcfba4a16ea],

Hodnoty registru: 11
PUP.Optional.LuckyBrowse, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DA91CEB6-3789-4D08-8986-558C00FD9625}|Path, \LuckyBrowse, , [12151b69fe9b65d1f1f4d33625de7d83]
PUP.Optional.SimpleFiles, HKLM\SOFTWARE\WOW6432NODE\SIMPLEFILES|PARTNER_ID, 3, , [a97e6f151188d660e19af7736a9af907]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://un-stop.com/wpad.dat?61eb67565c17a41a790ccbe50b6919697097475, , [7ea90480d2c73204041d4c2f986c20e0]
PUP.Optional.LuckyBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{824C9FDA-4615-462F-80F5-EAE0074303B0}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|, , [cd5a6f15d2c77db978c5b3c39c68f10f]
PUP.Optional.LuckyBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{D768D6FB-D889-4594-BC03-84169DB2570E}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|, , [7ea9cfb50a8f93a3b18c205648bc8080]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{0833D652-49A9-4E65-BA1D-8767587CEEC7}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\SimpleDownloads.exe|Name=SimpleDownloads|, , [e44304801287b6802a243d399b69f10f]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{A7108BB3-9E59-4ED0-9158-D6788FC4D7A1}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\SimpleDownloads.exe|Name=SimpleDownloads|, , [0027dba99108979f80cea3d3be46ec14]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{6C7BDB8A-7B50-490F-9FF8-3F13F94651B6}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\downloader.exe|Name=SimpleDownloads|, , [63c4c2c2148577bf84cad79f6b99da26]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{7204F593-8DAB-4EBE-B61B-2EBCE425656E}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\downloader.exe|Name=SimpleDownloads|, , [34f35430efaad85e1f2f83f3b1537c84]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://un-stop.com/wpad.dat?61eb67565c1 ... 9697097475, , [0d1a93f10d8c999d8b93da2fcf3449b7]
PUP.Optional.SimpleFiles, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\SIMPLEFILES|is_firstrun, no, , [6dbac7bde4b5092d58229bcfba4a16ea]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 8
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.LuckyBrowse.ShrtCln, C:\ProgramData\LuckyBrowse, , [30f7196b5e3bbe78dd94ae52bf44e41c],
PUP.Optional.LuckyBrowse.ShrtCln, C:\Program Files (x86)\LuckyBrowse, , [6abd5b29e2b7ac8a3a38e61aaf543bc5],
PUP.Optional.LuckyBrowse.ShrtCln, C:\Program Files (x86)\LuckyBrowse\app, , [6abd5b29e2b7ac8a3a38e61aaf543bc5],
PUP.Optional.LuckyBrowse.ShrtCln, C:\Program Files (x86)\LuckyBrowse\misc, , [6abd5b29e2b7ac8a3a38e61aaf543bc5],
PUP.Optional.LuckyBrowse.ShrtCln, C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse, , [55d2d8ac2f6a1521d21847bbe3203cc4],
PUP.Optional.SimpleFiles, C:\Users\Samerko\AppData\Roaming\SimpleFiles, , [ec3b85fffc9d082e07018b7b956eae52],

Soubory: 21
PUP.Optional.SimpleFiles, C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$RRE02BX\downloader.exe, , [fd2a40446a2fef473532f330a560f709],
PUP.Optional.SimpleFiles, C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$RRE02BX\SimpleDownloads.exe, , [998e0d773762d66091d68c97d82d43bd],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, , [4cdb9de71c7dfe3857b8ca64db274bb5],
CrackTool.Agent.Keygen, C:\Windows\AutoKMS.exe, , [7daa04804e4b55e14f2c50591ce5936d],
PUP.Optional.LuckyBrowse, C:\Windows\System32\Tasks\LuckyBrowse, , [2106ec980d8c8da99fe185daf60e09f7],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\ExcludeList.rcp, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_10-24-2013.log, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_10-25-2013.log, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_10-30-2013.log, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_10-31-2013.log, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_11-01-2013.log, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_11-02-2013.log, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\rcpupdate.ini, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\results.rcp, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.WinZipRegOp, C:\Users\Samerko\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\TempHLList.rcp, , [988fc4c049502b0b37a403fb41c1de22],
PUP.Optional.LuckyBrowse.ShrtCln, C:\ProgramData\LuckyBrowse\install.dat, , [30f7196b5e3bbe78dd94ae52bf44e41c],
PUP.Optional.LuckyBrowse.ShrtCln, C:\Program Files (x86)\LuckyBrowse\misc\sciter32.dll, , [6abd5b29e2b7ac8a3a38e61aaf543bc5],
PUP.Optional.LuckyBrowse.ShrtCln, C:\Program Files (x86)\LuckyBrowse\misc\uninstall.exe, , [6abd5b29e2b7ac8a3a38e61aaf543bc5],
PUP.Optional.LuckyBrowse.ShrtCln, C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse\Remove.lnk, , [55d2d8ac2f6a1521d21847bbe3203cc4],
PUP.Optional.SimpleFiles, C:\Users\Samerko\AppData\Roaming\SimpleFiles\dht.dat, , [ec3b85fffc9d082e07018b7b956eae52],
PUP.Optional.SimpleFiles, C:\Users\Samerko\AppData\Roaming\SimpleFiles\downloads.ini, , [ec3b85fffc9d082e07018b7b956eae52],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

jaro3 (Security team member)

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 06 bře 2016 09:17

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"), click "Scan", and after the scan finishes click "Cleaning".

The program will perform the repair; after the automatic restart it will not show the log (C:\AdwCleaner [C?].txt). Paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be asked to press any key to continue; press one.
The scan will start. It may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) will appear; it is saved on the desktop.
Please copy its entire contents here.

- Run Malwarebytes' Anti-Malware again and click "Scan Now".
- When the program finishes, a message will appear; click "Quarantine All (delete selected)" and then "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7 run RogueKiller.exe as administrator; on XP double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

SamerLP
Level 4.5
Posts: 1746
Registered: August 13
Gender: Male

Re: Please check my log

Post by SamerLP » 06 Mar 2016 20:30

I ran AdwCleaner, and after the restart the log did show up, but it is nowhere in C:. So I don't know where it is... I don't understand: you write that it won't show up, but it did show up, I closed it, and now it is nowhere to be found.

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by Samerko (Administrator) on ne 06. 03. 2016 at 17:45:38,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Successfully deleted: C:\Users\Samerko\AppData\Local\{ED698C45-D785-496F-8279-680C84A1874F} (Empty Folder)
Successfully deleted: C:\Users\Samerko\AppData\Roaming\nico mak computing (Folder)
Successfully deleted: C:\Users\Samerko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\355N9Q3W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Samerko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\779CZTJR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Samerko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJDLN4YI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Samerko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TX1QFU3V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\355N9Q3W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\779CZTJR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJDLN4YI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TX1QFU3V (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38279E1A-7019-40C1-B579-E99DFB3312E8} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38279E1A-7019-40C1-B579-E99DFB3312E8} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 06. 03. 2016 at 17:53:57,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 6. 3. 2016
Čas skenování: 18:01
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.05.03
Databáze rootkitů: v2016.02.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Samerko

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 486520
Uplynulý čas: 48 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT2612669, Do karantény, [87a03b49f7a291a5d5573aa744bf10f0],
PUP.Optional.WinZipRegOp, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\NICO MAK COMPUTING\WinZip Registry Optimizer, Do karantény, [2ff897edaced96a0c5129eca18ec41bf],

Hodnoty registru: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://un-stop.com/wpad.dat?61eb67565c17a41a790ccbe50b6919697097475, Do karantény, [f1367f059900c96db1704437b94b7090]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://un-stop.com/wpad.dat?61eb67565c1 ... 9697097475, Do karantény, [ae792e56abee5fd722fcdb2eca392fd1]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 4
PUP.Optional.SimpleFiles, C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$RRE02BX\downloader.exe, Do karantény, [43e4f193bbdeb086aeb934ef65a06f91],
PUP.Optional.SimpleFiles, C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$RRE02BX\SimpleDownloads.exe, Do karantény, [49def29234652e083730958e33d28c74],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Do karantény, [39ee3b499603310558b7e74752b0dd23],
CrackTool.Agent.Keygen, C:\Windows\AutoKMS.exe, Do karantény, [969197ed6d2c3402ec8ffeabbd44a759],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

RogueKiller:

RogueKiller V11.0.14.0 (x64) [Feb 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Samerko [Administrator]
Started from : C:\Users\Samerko\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 03/06/2016 20:20:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\pdfforge -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rxygpv (System32\drivers\pkdmwfsr.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP][File] C:\Users\Samerko\AppData\Roaming\Microsoft\Windows\Recent\uninstall.lnk [LNK@] C:\Program Files (x86)\SimpleFiles\uninstall.dat -> Found
[PUP][File] C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$REHZHQO.lnk [LNK@] C:\Program Files (x86)\SimpleFiles\SimpleDownloads.exe -> Found
[PUP][File] C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$ROVYCRC\SimpleDownloads.lnk [LNK@] C:\Program Files (x86)\SimpleFiles\SimpleDownloads.exe -> Found
[PUP][File] C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$RPY6XQ4\Quarantine\C\Users\Samerko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk.vir [LNK@] C:\Users\Samerko\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"menu" -> Found
[Hj.Name][File] C:\Program Files (x86)\PSPad editor\Notepad.EXE -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Not loaded [0x0]) ¤¤¤
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE[0] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLOSE[2] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_POWER[22] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_PNP[27] : Unknown @ 0xfffffa8003c912c0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++
--- User ---
[MBR] eff11c629db3241621335bfea4f680bf
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male

Re: Please check my log

Post by jerabina » 06 Mar 2016 22:37

Close all programs and browsers. Disable the antivirus and the firewall.
Please disconnect all USB devices (except the mouse and keyboard) and any external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click it to run).
- Wait until the Prescan finishes its work...
- Then click "Scan"; when it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything
(you have to put a tick in the checkbox to the left of each registry entry, etc.)
- Click "Delete"
- Wait until the status box shows "Deletion completed"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off the antivirus
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Vista, Windows 7 and 8 right-click it and choose "Run as administrator")
- note that the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will scan and repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if you have one.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply in your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

SamerLP
Level 4.5
Posts: 1746
Registered: August 13
Gender: Male

Re: Please check my log

Post by SamerLP » 07 Mar 2016 19:17

RogueKiller:

RogueKiller V11.0.14.0 (x64) [Feb 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Samerko [Administrator]
Started from : C:\Users\Samerko\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 03/07/2016 16:32:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\pdfforge -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP][File] C:\Users\Samerko\AppData\Roaming\Microsoft\Windows\Recent\uninstall.lnk [LNK@] C:\Program Files (x86)\SimpleFiles\uninstall.dat -> Deleted
[PUP][File] C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$REHZHQO.lnk [LNK@] C:\Program Files (x86)\SimpleFiles\SimpleDownloads.exe -> Deleted
[PUP][File] C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$ROVYCRC\SimpleDownloads.lnk [LNK@] C:\Program Files (x86)\SimpleFiles\SimpleDownloads.exe -> Deleted
[PUP][File] C:\$RECYCLE.BIN\S-1-5-21-1676706566-1539175069-4259669011-1000\$RPY6XQ4\Quarantine\C\Users\Samerko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk.vir [LNK@] C:\Users\Samerko\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"menu" -> Deleted
[Hj.Name][File] C:\Program Files (x86)\PSPad editor\Notepad.EXE -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Not loaded [0x0]) ¤¤¤
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE[0] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLOSE[2] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_POWER[22] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xfffffa8003c912c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_PNP[27] : Unknown @ 0xfffffa8003c912c0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++
--- User ---
[MBR] eff11c629db3241621335bfea4f680bf
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Zoek:


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Samerko on po 07. 03. 2016 at 16:37:34,30.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Samerko\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7. 3. 2016 16:40:38 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\epson deleted successfully
C:\PROGRA~2\Euro Truck Simulator 2 Multiplayer deleted successfully
C:\PROGRA~2\McAfee Security Scan deleted successfully
C:\PROGRA~2\puush deleted successfully
C:\PROGRA~2\Ubisoft deleted successfully
C:\PROGRA~2\URUSoft deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Samerko\AppData\Roaming\PDF Producer deleted successfully
C:\Users\Samerko\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Samerko\AppData\Local\EmieSiteList deleted successfully
C:\Users\Samerko\AppData\Local\EmieUserList deleted successfully
C:\Users\Samerko\AppData\Local\Skype deleted successfully
C:\Users\Samerko\AppData\Local\Ubisoft Game Launcher deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\pdf_architect_4_conv@pdfarchitect.org deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902\prefs.js:

Added to C:\Users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Samerko\AppData\Roaming\Nvu\Profiles\yurfza4w.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Samerko\AppData\Roaming\Nvu\Profiles\yurfza4w.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\epson not found
C:\PROGRA~2\Euro Truck Simulator 2 Multiplayer not found
C:\PROGRA~2\McAfee Security Scan not found
C:\PROGRA~2\puush not found
C:\PROGRA~2\Ubisoft not found
C:\PROGRA~2\URUSoft not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Users\Samerko\AppData\Roaming\.technic deleted
C:\Users\Samerko\AppData\Roaming\Aegisub deleted
C:\Users\Samerko\.android deleted
C:\Users\Samerko\AppData\Roaming\MC Titan FTB deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902\extensions\firefox@mega.co.nz.xpi deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.exe" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\uploader.dll" deleted
"C:\PROGRA~2\Skillbrains" deleted
"C:\PROGRA~2\Skillbrains\lightshot" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1" deleted

==== Orphaned Tasks deleted from Registry ======================

NCH Software\ExpressBurnDowngrade deleted
NCH Software\ExpressBurnReminder deleted
NCH Software\videopadShakeIcon deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Samerko\AppData\Roaming\Nvu\Profiles\yurfza4w.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902
- Undetermined - %ProfilePath%\extensions\jid0-3qAYz7se7F3gEIA63LjbuEaPEDk@jetpack.xpi
- Google Translator - %ProfilePath%\extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\jid1-dgnICqQgv2AUZw@jetpack.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Samerko\AppData\Roaming\Nvu\Profiles\yurfza4w.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
6FE651F6E3025AD51CC1D54913AEEADC - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Samerko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin


==== Chromium Look ======================


Docs - Samerko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{3D585554-3A2C-4BF8-9587-2D99C7A6EBAD} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

==== Reset Google Chrome ======================

C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Samerko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Samerko\AppData\Local\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18605 folders=2317 3800178722 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Samerko\AppData\Local\Temp will be emptied at reboot
C:\Users\Skuska\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Samerko\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Samerko\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZSSBR5A\www.mp4upload.com" not found

==== EOF on po 07. 03. 2016 at 17:52:41,48 ======================

ComboFix:

ComboFix 16-03-07.01 - Samerko . 03. 2016 18:10:36.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4072.2429 [GMT 1:00]
Running from: c:\users\Samerko\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.351.2 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.351.2 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Samerko\AppData\Local\Temp\VPN_648F\B7091C83.dll
c:\windows\TEMP\VPN_08BF\B7091C83.dll
.
.
((((((((((((((((((((((((( Files Created from 2016-02-07 to 2016-03-07 )))))))))))))))))))))))))))))))
.
.
2016-03-07 18:03 . 2016-03-07 18:03 -------- d-----w- c:\users\Skuska\AppData\Local\temp
2016-03-07 18:03 . 2016-03-07 18:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-03-07 18:03 . 2016-03-07 18:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-03-07 18:03 . 2016-03-07 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-07 16:49 . 2016-03-07 15:37 24064 ----a-w- c:\windows\zoek-delete.exe
2016-03-07 16:49 . 2016-03-07 18:03 -------- d-----w- c:\users\Samerko\AppData\Local\Temp
2016-03-06 18:02 . 2016-03-06 19:30 -------- d-----w- c:\programdata\RogueKiller
2016-03-06 16:31 . 2016-03-06 16:35 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-04 20:55 . 2016-03-04 20:55 -------- d-----w- C:\AdwCleaner
2016-03-04 11:20 . 2016-03-04 11:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3764.dll
2016-03-04 11:12 . 2016-03-04 11:12 -------- d-----w- c:\programdata\boost_interprocess
2016-03-03 17:59 . 2016-03-03 17:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3272.dll
2016-03-02 17:59 . 2016-03-02 17:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3220.dll
2016-03-01 19:40 . 2016-03-01 19:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.4088.dll
2016-02-13 20:55 . 2016-02-13 20:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3588.dll
2016-02-12 19:30 . 2016-02-12 19:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.4000.dll
2016-02-07 09:03 . 2016-02-07 09:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3912.dll
2016-02-07 09:01 . 2016-02-07 09:14 -------- d-----w- c:\users\Samerko\AppData\Local\Origin
2016-02-07 08:43 . 2016-02-07 09:00 -------- d-----w- c:\program files (x86)\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-07 14:22 . 2015-01-10 13:56 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-06 17:01 . 2015-01-09 13:21 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-06 16:38 . 2012-03-15 14:09 45056 ----a-w- c:\windows\system32\acovcnt.exe
2016-02-12 19:30 . 2012-04-01 15:43 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-12 19:30 . 2012-04-01 15:43 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-31 10:32 . 2016-01-31 10:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2072.dll
2016-01-30 12:14 . 2016-01-30 12:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3992.dll
2016-01-15 17:49 . 2016-01-10 17:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2616.dll
2016-01-14 17:30 . 2016-01-14 17:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2876.dll
2015-12-29 19:30 . 2015-12-29 19:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2712.dll
2015-12-28 16:20 . 2015-12-28 16:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.4164.dll
2015-12-27 09:38 . 2015-12-27 09:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3676.dll
2015-12-23 11:59 . 2015-12-14 14:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2704.dll
2015-12-19 20:47 . 2015-12-19 20:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2556.dll
2015-12-17 17:53 . 2015-12-17 17:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2896.dll
2015-12-16 20:15 . 2015-12-16 20:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3852.dll
2015-12-11 21:59 . 2012-09-02 18:36 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-12-08 19:29 . 2015-12-08 19:29 120200 ----a-w- c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2016-02-07 3639280]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE" [2015-10-21 563416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-12-14 883352]
.
c:\users\Samerko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN55P2C30F05YR;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
Newgen.lnk - c:\program files (x86)\Win8.1 SkinPack\Newgen\Newgen.exe [2013-5-19 9792000]
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2015-9-30 5398248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x]
R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys;c:\windows\SYSNATIVE\prwntdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0068.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0068.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-26 18:00 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31 19:30]
.
2016-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-26 17:54]
.
2016-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-26 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2015-09-30 5207272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\3514D45425B4F40534: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\3514D45425B4F4D20534F5E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\3516D65627: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\77966696D2E6564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\845514755494D24736B653: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\96E64756275687: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-puush - c:\program files (x86)\puush\puush.exe
Wow6432Node-HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
Wow6432Node-HKLM-Run-Lightshot - c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{6D4133E5-0742-4ADC-8A8C-9303440F7190} - (no file)
ShellIconOverlayIdentifiers-{64174815-8D98-4CE6-8646-4C039977D808} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 - c:\program files (x86)\Skillbrains\lightshot\unins000.exe
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\programdata\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
AddRemove-{90ffcee5-8608-4e94-8c18-a4feb4f83fb8} - c:\programdata\Package Cache\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}\vcredist_x64.exe
AddRemove-{9dba0447-b749-41ea-90bc-2aa19a9eb580} - c:\programdata\Package Cache\{9dba0447-b749-41ea-90bc-2aa19a9eb580}\vcredist_x86.exe
AddRemove-{c7ed0d4c-89c5-47fc-9e89-1088affe63f3} - c:\programdata\Package Cache\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{11DD827F-635D-DE0D-5CEB-58115E6B51E7}*]
"hadjjoikbibhklpa"=hex:6a,61,6d,70,62,6e,6d,6a,6f,65,66,64,6d,6d,61,67,6a,61,
6c,69,00,00
"ianjpldjgmmbeibbfe"=hex:63,61,61,70,67,6c,00,01
"iabmhbdlgkpjfahpbd"=hex:6b,61,6d,70,6f,6c,68,6f,63,69,66,65,6f,61,63,61,69,6f,
65,6b,69,69,00,00
"dbkmihpkjlelnhiiebpjffhciejbpbncmalhgfio"=hex:68,61,65,6c,70,65,61,65,64,62,
68,6c,62,69,70,6a,00,00
"jbkmihpkjlelnhiiebpjeacamcfmopablmfcdfhbkbplfmfpjkam"=hex:68,61,65,6c,70,65,
61,65,64,62,68,6c,62,69,70,6a,00,00
"dbkmihpkjlelnhiiebpjcpkegkkmdofcaecnmkgn"=hex:6a,62,64,70,67,6f,62,69,69,6a,
6e,67,70,64,70,64,66,63,62,70,64,64,61,6a,63,6f,65,6e,69,66,68,64,6b,65,66,\
.
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,ce,a6,b3,d0,95,71,77,12,45,76,31,93,50,d1,66,e7,6a,be,67,9d,
53,ce,79,08,96,9f,11,69,0a,4d,7e,3c,3c,ad,19,40,4d,ad,35,a1,12,bd,5f,3c,85,\
"rkeysecu"=hex:1c,b1,63,2b,a6,6f,5c,ec,a3,f5,8b,58,ba,e4,62,25
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2016-03-07 19:11:03
ComboFix-quarantined-files.txt 2016-03-07 18:11
.
Pre-Run: 131 129 593 856 bytes free
Post-Run: 130 812 370 944 bytes free
.
- - End Of File - - E12EEBDF7489BB5E2CEE789C5B4AC44F

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Please check my log

Post by jerabina » 07 Mar 2016 22:43

Turn off the resident protection of your antivirus and antispyware, and if applicable the firewall.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole following text marked in green into it:

Code:

ClearJavaCache::
KillAll::

Folder::
c:\programdata\RogueKiller
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=-
"CCleaner Monitoring"=-
"EADM"=-
"Zoner Photo Studio Autoupdate"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Driver::
SkypeUpdate

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - prefs.js: browser.startup.homepage - about:home

RegLock::
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{11DD827F-635D-DE0D-5CEB-58115E6B51E7}*]
"hadjjoikbibhklpa"=hex:6a,61,6d,70,62,6e,6d,6a,6f,65,66,64,6d,6d,61,67,6a,61,
 6c,69,00,00
"ianjpldjgmmbeibbfe"=hex:63,61,61,70,67,6c,00,01
"iabmhbdlgkpjfahpbd"=hex:6b,61,6d,70,6f,6c,68,6f,63,69,66,65,6f,61,63,61,69,6f,
 65,6b,69,69,00,00
"dbkmihpkjlelnhiiebpjffhciejbpbncmalhgfio"=hex:68,61,65,6c,70,65,61,65,64,62,
 68,6c,62,69,70,6a,00,00
"jbkmihpkjlelnhiiebpjeacamcfmopablmfcdfhbkbplfmfpjkam"=hex:68,61,65,6c,70,65,
 61,65,64,62,68,6c,62,69,70,6a,00,00
"dbkmihpkjlelnhiiebpjcpkegkkmdofcaecnmkgn"=hex:6a,62,64,70,67,6f,62,69,69,6a,
 6e,67,70,64,70,64,66,63,62,70,64,64,61,6a,63,6f,65,6e,69,66,68,64,6b,65,66,\

[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,ce,a6,b3,d0,95,71,77,12,45,76,31,93,50,d1,66,e7,6a,be,67,9d,
 53,ce,79,08,96,9f,11,69,0a,4d,7e,3c,3c,ad,19,40,4d,ad,35,a1,12,bd,5f,3c,85,\
"rkeysecu"=hex:1c,b1,63,2b,a6,6f,5c,ec,a3,f5,8b,58,ba,e4,62,25

[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"


Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script:
Image
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.

horava
Level 1
Posts: 82
Registered: May 09
Gender: Male
Status: Offline

Re: Please check my log

Post by horava » 09 Mar 2016 22:53

Please check my log. Thank you

ComboFix 16-02-09.01 - mh001 . 03. 2016 22:43:23.4.8 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.16076.11963 [GMT 1:00]
Spuštěný z: c:\users\mh001\Downloads\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mh001\AppData\Local\Daltron.exe
c:\users\mh001\AppData\Roaming\FunIty.exe
c:\users\mh001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gpudriver.exe
c:\users\mh001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\indexsearch.exe
c:\users\mh001\AppData\Roaming\X-bam.bin
c:\windows\XSxS
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_mrodmcteebxpdate
-------\Service_mrodmcteebxpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-09 do 2016-03-09 )))))))))))))))))))))))))))))))
.
.
2016-03-09 21:47 . 2016-03-09 21:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-03-09 21:47 . 2016-03-09 21:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-09 21:31 . 2016-03-09 21:37 -------- d-----w- c:\program files (x86)\SunnyDayApps
2016-03-09 21:31 . 2016-03-09 21:37 -------- d-----w- c:\program files (x86)\rec_en_220
2016-03-09 21:31 . 2016-03-09 21:31 -------- d-----w- c:\users\mh001\AppData\Local\rec_en_220
2016-03-09 21:22 . 2016-03-09 21:48 -------- d-----w- c:\users\mh001\AppData\Local\SunnyDay21
2016-03-09 21:22 . 2016-03-09 21:37 -------- d-----w- c:\program files (x86)\SunnyDay21
2016-03-09 21:12 . 2016-03-09 21:37 -------- d-----w- c:\programdata\MWdMM
2016-03-09 21:11 . 2016-03-09 21:18 -------- d-----w- c:\users\mh001\AppData\Roaming\mysites123
2016-03-09 21:11 . 2016-03-09 21:37 -------- d-----w- c:\program files (x86)\Hostify
2016-03-09 21:06 . 2016-03-09 21:37 -------- d-----w- c:\program files (x86)\SFK
2016-03-09 21:06 . 2016-03-09 21:37 -------- d-----w- c:\programdata\UWdMU
2016-03-09 21:05 . 2016-03-09 21:17 -------- d-----w- c:\users\mh001\AppData\Local\app
2016-03-09 21:05 . 2016-03-09 21:19 -------- d-----w- c:\users\mh001\AppData\Roaming\istartpageing
2016-03-09 21:05 . 2016-03-09 21:05 59112 ----a-w- c:\windows\system32\drivers\MPCKpt.sys
2016-03-09 20:55 . 2016-03-09 21:37 -------- d-----w- c:\users\mh001\AppData\Local\03D40274-1457560531-0513-5606-120700080009
2016-03-09 20:54 . 2016-03-09 21:37 -------- d-----w- c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009
2016-03-09 20:51 . 2016-03-09 21:37 -------- d-----w- c:\program files\REACHit
2016-03-09 20:50 . 2016-03-09 20:50 296 ----a-w- C:\task.vbs
2016-03-09 20:50 . 2016-03-09 21:00 -------- d-----w- c:\programdata\CloudPrinter
2016-03-09 20:50 . 2016-03-09 20:50 -------- d-----w- c:\programdata\Kingsoft
2016-03-09 20:49 . 2016-03-09 20:49 -------- d-----w- c:\program files (x86)\MTV20160128
2016-03-09 20:49 . 2016-03-09 21:36 -------- d-----w- c:\programdata\BOINC
2016-03-09 20:49 . 2016-03-09 20:49 -------- d-----w- c:\windows\Downloaded Installations
2016-03-09 20:49 . 2016-03-09 20:49 -------- d-----w- c:\program files (x86)\Seznam.cz
2016-03-09 20:48 . 2016-03-09 20:49 -------- d-----w- c:\users\mh001\AppData\Roaming\Seznam.cz
2016-03-09 20:47 . 2016-03-09 20:47 -------- d-----w- c:\users\mh001\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-09 20:47 . 2016-03-09 20:47 -------- d-----w- c:\program files (x86)\Winsere
2016-03-09 20:47 . 2016-03-09 20:47 -------- d-----w- c:\program files (x86)\WinTaske
2016-03-09 20:47 . 2016-03-09 21:21 -------- d-----w- c:\program files (x86)\SearchesToYesbnd
2016-03-09 20:46 . 2016-03-09 21:37 -------- d-----w- c:\users\mh001\AppData\Local\gmsd_re_021010262
2016-03-09 19:42 . 2016-03-09 19:42 -------- d-----w- c:\program files (x86)\Neat Video for Premiere
2016-03-09 19:42 . 2016-03-09 19:42 -------- d-----w- c:\program files\Neat Video for Premiere
2016-03-09 19:24 . 2016-03-09 19:24 -------- d-----w- c:\program files\Neat Video v4 for Premiere
2016-03-08 20:06 . 2016-02-21 05:23 46768 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-03-08 20:06 . 2016-02-21 03:43 696832 ----a-w- c:\windows\system32\invagent.dll
2016-03-08 20:06 . 2016-02-21 03:43 689152 ----a-w- c:\windows\system32\generaltel.dll
2016-03-08 20:06 . 2016-02-21 03:43 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-08 20:06 . 2016-02-21 03:43 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-03-08 20:06 . 2016-02-21 03:43 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-08 20:06 . 2016-02-05 14:09 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-02-22 11:54 . 2016-02-22 12:12 -------- d-----w- c:\users\mh001\AppData\Roaming\GoPro
2016-02-22 11:54 . 2016-02-22 11:54 -------- d-----w- c:\users\mh001\AppData\Local\GoPro
2016-02-22 11:54 . 2016-02-22 12:40 -------- d-----w- c:\users\Public\CineForm
2016-02-22 11:54 . 2016-02-22 11:54 -------- d-----w- c:\program files (x86)\CineForm
2016-02-22 11:54 . 2016-02-22 11:54 -------- d-----w- c:\program files (x86)\GoPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-08 20:32 . 2014-01-31 02:39 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-01-05 20:16 . 2016-01-16 07:12 826328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-05 20:16 . 2016-01-16 07:12 176088 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-30 23:29 . 2016-01-13 02:26 6972760 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-15 00:01 . 2016-01-13 02:27 1763328 ----a-w- c:\windows\SysWow64\wininet.dll
2015-12-15 00:01 . 2016-01-13 02:27 513536 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-12-15 00:01 . 2016-01-13 02:27 2240000 ----a-w- c:\windows\system32\wininet.dll
2015-12-15 00:00 . 2016-01-13 02:27 2793984 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-12-15 00:00 . 2016-01-13 02:27 737280 ----a-w- c:\windows\SysWow64\inetcomm.dll
2015-12-15 00:00 . 2016-01-13 02:27 592896 ----a-w- c:\windows\system32\vbscript.dll
2015-12-15 00:00 . 2016-01-13 02:27 1409536 ----a-w- c:\windows\system32\urlmon.dll
2015-12-15 00:00 . 2016-01-13 02:27 19349504 ----a-w- c:\windows\system32\mshtml.dll
2015-12-15 00:00 . 2016-01-13 02:27 97280 ----a-w- c:\windows\system32\mshtmled.dll
2015-12-15 00:00 . 2016-01-13 02:27 603136 ----a-w- c:\windows\system32\msfeeds.dll
2015-12-15 00:00 . 2016-01-13 02:27 3805696 ----a-w- c:\windows\system32\jscript9.dll
2015-12-15 00:00 . 2016-01-13 02:27 857600 ----a-w- c:\windows\system32\jscript.dll
2015-12-15 00:00 . 2016-01-13 02:27 949760 ----a-w- c:\windows\system32\inetcomm.dll
2015-12-15 00:00 . 2016-01-13 02:27 15422976 ----a-w- c:\windows\system32\ieframe.dll
2015-12-15 00:00 . 2016-01-13 02:27 2658304 ----a-w- c:\windows\system32\iertutil.dll
2015-12-15 00:00 . 2016-01-13 02:27 255488 ----a-w- c:\windows\system32\iedkcs32.dll
2015-12-15 00:00 . 2016-01-13 02:27 281600 ----a-w- c:\windows\system32\dxtrans.dll
2015-12-14 23:59 . 2016-01-13 02:27 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
"GoogleChromeAutoLaunch_B3F7B5E2539664F03F66077A82DC5A14"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-05-22 813896]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-02-10 50599552]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-11-30 60688]
"cz.seznam.software.autoupdate"="c:\users\mh001\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\mh001\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"PowerDVD13Agent"="c:\program files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-07-05 517144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-11-20 60688]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"GoPro Studio Importer"="c:\program files (x86)\GoPro\Tools\Importer\GoPro Importer.exe" [2015-10-02 3218184]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"rec_en_220"="c:\program files (x86)\rec_en_220\rec_en_220.exe" [2016-03-07 4050608]
"MTview"="c:\program files (x86)\MTV20160128\MTView.exe" [2016-01-26 1877512]
"sun21"="c:\program files (x86)\SunnyDay21\SunnyDay.exe" [2016-03-09 3992752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"usun.exe"="c:\users\mh001\AppData\Local\SunnyDay21\usun.exe" [2016-03-09 3155632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2014-2-10 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 ggbugreport;ggbugreport;c:\program files (x86)\SearchesToYesbnd\bugreport.exe {154DFF63-3402-4815-941A-AAD63AE8B428};c:\program files (x86)\SearchesToYesbnd\bugreport.exe {154DFF63-3402-4815-941A-AAD63AE8B428} [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 Winsere;Winsere;c:\program files (x86)\Winsere\Winsere\Winsere.exe {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678};c:\program files (x86)\Winsere\Winsere\Winsere.exe {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [x]
R3 AM10;Cisco AM10 Driver;c:\windows\system32\DRIVERS\am10w7.sys;c:\windows\SYSNATIVE\DRIVERS\am10w7.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 MPCKpt;MPCKpt;c:\windows\system32\DRIVERS\MPCKpt.sys;c:\windows\SYSNATIVE\DRIVERS\MPCKpt.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/02/16 14:16];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 CloudPrinter;CloudPrinter;c:\programdata\\CloudPrinter\\CloudPrinter.exe;c:\programdata\\CloudPrinter\\CloudPrinter.exe [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 dojygici;Overheat Layout;c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\jnss5EF8.tmp;c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\jnss5EF8.tmp [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MPCProtectService;MPC Core Protect Service;d:\program files (x86)\MPC Cleaner\MPCProtectService.exe;d:\program files (x86)\MPC Cleaner\MPCProtectService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 pohygibuzbt;ADSL Preview;c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\knsd4705.tmpfs;c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\knsd4705.tmpfs [x]
S2 REACHit;REACHit;c:\program files\REACHit\REACHit.exe;c:\program files\REACHit\REACHit.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 SSFK;SSFK;c:\program files (x86)\SFK\SSFK.exe;c:\program files (x86)\SFK\SSFK.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WdMan;WdMan Service;c:\programdata\MWdMM\WdMan.exe;c:\programdata\MWdMM\WdMan.exe [x]
S2 wucotusy;Free Space Decimal Point;c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\hnsn783F.tmp;c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\hnsn783F.tmp [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-25 21:39 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-31 13:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-03 13651672]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"MouseDriver"="TiltWheelMouse.exe" [2013-04-09 241152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-12-20 391128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-12-20 771544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-12-20 770520]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-08 2685072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-05-08 1570672]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-07-22 500936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 170256]
"IDSCPRODUCT"="c:\program files (x86)\Hostify\\idscservice.exe" [2016-03-09 81408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 109.164.64.64 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\mh001\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\
FF - prefs.js: browser.search.selectedEngine - yessearches
FF - prefs.js: browser.startup.homepage - hxxp://www.mysites123.com/?type=hp&ts=1 ... AIKE011504
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-gmsd_re_021010262 - (no file)
Wow6432Node-HKLM-Run-win_en_77 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{9866b8be-d083-4943-ba11-428ff5314547} - c:\program files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dojygici]
"ImagePath"="c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\jnss5EF8.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pohygibuzbt]
"ImagePath"="c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\knsd4705.tmpfs"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wucotusy]
"ImagePath"="c:\program files (x86)\03D40274-1457556845-0513-5606-120700080009\hnsn783F.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\CloudPrinter\CloudPrinter.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\windows\SysWOW64\UTSCSI.EXE
d:\program files (x86)\MPC Cleaner\MPCTray.exe
c:\program files (x86)\CrystalDiskInfo\DiskInfo.exe
c:\windows\System32\TiltWheelMouse.exe
c:\users\mh001\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\windows\SysWOW64\runonce.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Celkový čas: 2016-03-09 22:50:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-03-09 21:50
ComboFix2.txt 2015-05-28 11:21
ComboFix3.txt 2015-05-27 09:21
ComboFix4.txt 2015-02-03 10:08
.
Před spuštěním: 569 176 064 bytes free
Po spuštění: 4 912 504 832 bytes free
.
- - End Of File - - 3D4B645ECC4D6334A3D4CA74746EFFAE
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43287
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 10 Mar 2016 09:54

horava: start your own topic!!
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

SamerLP
Level 4.5
Posts: 1746
Registered: Aug 13
Gender: Male
Status: Offline

Re: Please check my log

Post by SamerLP » 11 Mar 2016 22:01

ComboFix with the fix:

ComboFix 16-03-07.01 - Samerko . 03. 2016 20:26:16.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4072.2485 [GMT 1:00]
Running from: c:\users\Samerko\Desktop\ComboFix.exe
Command switches used :: c:\users\Samerko\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 9.0.374.1 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.374.1 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Samerko\AppData\Local\Temp\VPN_9473\B7091C83.dll
c:\windows\security\logs\scecomp.log
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\TEMP\VPN_0F74\B7091C83.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2016-02-11 to 2016-03-11 )))))))))))))))))))))))))))))))
.
.
2016-03-11 20:01 . 2016-03-11 20:01 -------- d-----w- c:\users\Skuska\AppData\Local\temp
2016-03-11 20:01 . 2016-03-11 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-03-11 20:01 . 2016-03-11 20:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-03-11 20:01 . 2016-03-11 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-11 19:09 . 2016-03-11 19:09 -------- d-----w- c:\program files\ESET
2016-03-07 18:14 . 2016-03-07 18:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.1292.dll
2016-03-07 16:49 . 2016-03-07 15:37 24064 ----a-w- c:\windows\zoek-delete.exe
2016-03-07 16:49 . 2016-03-11 20:47 -------- d-----w- c:\users\Samerko\AppData\Local\Temp
2016-03-06 18:02 . 2016-03-06 19:30 -------- d-----w- c:\programdata\RogueKiller
2016-03-06 16:31 . 2016-03-06 16:35 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-04 20:55 . 2016-03-04 20:55 -------- d-----w- C:\AdwCleaner
2016-03-04 11:20 . 2016-03-04 11:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3764.dll
2016-03-04 11:12 . 2016-03-04 11:12 -------- d-----w- c:\programdata\boost_interprocess
2016-03-03 17:59 . 2016-03-03 17:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3272.dll
2016-03-02 17:59 . 2016-03-02 17:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3220.dll
2016-03-01 19:40 . 2016-03-01 19:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.4088.dll
2016-02-13 20:55 . 2016-02-13 20:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3588.dll
2016-02-12 19:30 . 2016-02-12 19:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.4000.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 19:01 . 2012-03-15 14:09 45056 ----a-w- c:\windows\system32\acovcnt.exe
2016-03-11 15:30 . 2012-04-01 15:43 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-11 15:30 . 2012-04-01 15:43 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-07 14:22 . 2015-01-10 13:56 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-06 17:01 . 2015-01-09 13:21 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-09 07:27 . 2016-02-09 07:27 264552 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-02-09 07:27 . 2016-02-09 07:27 186784 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-02-09 07:27 . 2016-02-09 07:27 170792 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2016-02-07 09:03 . 2016-02-07 09:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3912.dll
2016-01-31 10:32 . 2016-01-31 10:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2072.dll
2016-01-30 12:14 . 2016-01-30 12:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3992.dll
2016-01-15 17:49 . 2016-01-10 17:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2616.dll
2016-01-14 17:30 . 2016-01-14 17:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2876.dll
2015-12-29 19:30 . 2015-12-29 19:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2712.dll
2015-12-28 16:20 . 2015-12-28 16:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.4164.dll
2015-12-27 09:38 . 2015-12-27 09:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3676.dll
2015-12-23 11:59 . 2015-12-14 14:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2704.dll
2015-12-19 20:47 . 2015-12-19 20:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2556.dll
2015-12-17 17:53 . 2015-12-17 17:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.2896.dll
2015-12-16 20:15 . 2015-12-16 20:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6B5ACD-D311-4BC2-84D6-5478C90AF415}\offreg.3852.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-12-14 883352]
.
c:\users\Samerko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN55P2C30F05YR;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
Newgen.lnk - c:\program files (x86)\Win8.1 SkinPack\Newgen\Newgen.exe [2013-5-19 9792000]
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2015-9-30 5398248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler;c:\program files\PDF Architect 4\crash-handler-ws.exe;c:\program files\PDF Architect 4\crash-handler-ws.exe [x]
R3 PDF Architect 4;PDF Architect 4;c:\program files\PDF Architect 4\ws.exe;c:\program files\PDF Architect 4\ws.exe [x]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys;c:\windows\SYSNATIVE\prwntdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PDF Architect 4 Creator;PDF Architect 4 Creator;c:\program files\PDF Architect 4\creator-ws.exe;c:\program files\PDF Architect 4\creator-ws.exe [x]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0068.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0068.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EPFWWFPR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-11 14:02 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2015-09-30 5207272]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\3514D45425B4F40534: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\3514D45425B4F4D20534F5E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\3516D65627: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\77966696D2E6564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\845514755494D24736B653: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61EDEC6D-2042-4239-8A87-F973F3ABAA32}\96E64756275687: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Samerko\AppData\Roaming\Mozilla\Firefox\Profiles\2xrvksle.default-1438352699902\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{6D4133E5-0742-4ADC-8A8C-9303440F7190} - (no file)
ShellIconOverlayIdentifiers-{64174815-8D98-4CE6-8646-4C039977D808} - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 - c:\program files (x86)\Skillbrains\lightshot\unins000.exe
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\programdata\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
AddRemove-{90ffcee5-8608-4e94-8c18-a4feb4f83fb8} - c:\programdata\Package Cache\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}\vcredist_x64.exe
AddRemove-{9dba0447-b749-41ea-90bc-2aa19a9eb580} - c:\programdata\Package Cache\{9dba0447-b749-41ea-90bc-2aa19a9eb580}\vcredist_x86.exe
AddRemove-{c7ed0d4c-89c5-47fc-9e89-1088affe63f3} - c:\programdata\Package Cache\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{11DD827F-635D-DE0D-5CEB-58115E6B51E7}*]
"hadjjoikbibhklpa"=hex:6a,61,6d,70,62,6e,6d,6a,6f,65,66,64,6d,6d,61,67,6a,61,
6c,69,00,00
"ianjpldjgmmbeibbfe"=hex:63,61,61,70,67,6c,00,01
"iabmhbdlgkpjfahpbd"=hex:6b,61,6d,70,6f,6c,68,6f,63,69,66,65,6f,61,63,61,69,6f,
65,6b,69,69,00,00
"dbkmihpkjlelnhiiebpjffhciejbpbncmalhgfio"=hex:68,61,65,6c,70,65,61,65,64,62,
68,6c,62,69,70,6a,00,00
"jbkmihpkjlelnhiiebpjeacamcfmopablmfcdfhbkbplfmfpjkam"=hex:68,61,65,6c,70,65,
61,65,64,62,68,6c,62,69,70,6a,00,00
"dbkmihpkjlelnhiiebpjcpkegkkmdofcaecnmkgn"=hex:6a,62,64,70,67,6f,62,69,69,6a,
6e,67,70,64,70,64,66,63,62,70,64,64,61,6a,63,6f,65,6e,69,66,68,64,6b,65,66,\
.
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,ce,a6,b3,d0,95,71,77,12,45,76,31,93,50,d1,66,e7,6a,be,67,9d,
53,ce,79,08,96,9f,11,69,0a,4d,7e,3c,3c,ad,19,40,4d,ad,35,a1,12,bd,5f,3c,85,\
"rkeysecu"=hex:1c,b1,63,2b,a6,6f,5c,ec,a3,f5,8b,58,ba,e4,62,25
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
.
**************************************************************************
.
Completion time: 2016-03-11 21:56:53 - machine was rebooted
ComboFix-quarantined-files.txt 2016-03-11 20:56
ComboFix2.txt 2016-03-07 18:11
.
Pre-Run: 132 725 383 168 bytes free
Post-Run: 132 175 171 584 bytes free
.
- - End Of File - - 065087EA906D5B4087EB030BFBD5AF4F

jaro3 (Security team member, Guru Level 15, 43287 posts, registered June 2007, Jižní Čechy)

Re: Please check my log

Post by jaro3 » 12 Mar 2016 09:18

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following complete text (highlighted in green) into it:

Code:

RegLock::
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{11DD827F-635D-DE0D-5CEB-58115E6B51E7}*]
"hadjjoikbibhklpa"=hex:6a,61,6d,70,62,6e,6d,6a,6f,65,66,64,6d,6d,61,67,6a,61,
 6c,69,00,00
"ianjpldjgmmbeibbfe"=hex:63,61,61,70,67,6c,00,01
"iabmhbdlgkpjfahpbd"=hex:6b,61,6d,70,6f,6c,68,6f,63,69,66,65,6f,61,63,61,69,6f,
 65,6b,69,69,00,00
"dbkmihpkjlelnhiiebpjffhciejbpbncmalhgfio"=hex:68,61,65,6c,70,65,61,65,64,62,
 68,6c,62,69,70,6a,00,00
"jbkmihpkjlelnhiiebpjeacamcfmopablmfcdfhbkbplfmfpjkam"=hex:68,61,65,6c,70,65,
 61,65,64,62,68,6c,62,69,70,6a,00,00
"dbkmihpkjlelnhiiebpjcpkegkkmdofcaecnmkgn"=hex:6a,62,64,70,67,6f,62,69,69,6a,
 6e,67,70,64,70,64,66,63,62,70,64,64,61,6a,63,6f,65,6e,69,66,68,64,6b,65,66,\
.
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,ce,a6,b3,d0,95,71,77,12,45,76,31,93,50,d1,66,e7,6a,be,67,9d,
 53,ce,79,08,96,9f,11,69,0a,4d,7e,3c,3c,ad,19,40,4d,ad,35,a1,12,bd,5f,3c,85,\
"rkeysecu"=hex:1c,b1,63,2b,a6,6f,5c,ec,a3,f5,8b,58,ba,e4,62,25
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer Windows will not boot, the desktop will not load, or there will be connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test this on VirusTotal:
c:\windows\system32\acovcnt.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will be tested by several antivirus engines one after another. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am deputised by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
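
The values that jaro3's RegLock:: script targets, and the LOCKED REGISTRY KEYS block in the ComboFix log above, are printed as .reg-style "hex:" byte lists, some of them cut short by ComboFix (the trailing "\"). The Python below is an added example, not code from the forum, from ComboFix or from either poster: it reassembles the continuation lines, decodes each value (UTF-16LE for hex(6) REG_LINK, printable ASCII up to the first NUL for plain REG_BINARY) and flags values whose name and content use only the letters a to p, the alphabet Chrome uses for extension IDs. The sample input is copied from the log on this page; the function names and the a-to-p heuristic are mine, and the flag is only a hint to follow up on, not a verdict on what those keys are.

```python
import re

# Excerpt of the "LOCKED REGISTRY KEYS" block, copied from the ComboFix log
# on this page. ComboFix prints long values in .reg style: a line ending in
# "," continues on the next (indented) line, and a line ending in "\" means
# the tool cut the value short, so that value is incomplete in the log.
SAMPLE_LOG = r'''
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{11DD827F-635D-DE0D-5CEB-58115E6B51E7}*]
"hadjjoikbibhklpa"=hex:6a,61,6d,70,62,6e,6d,6a,6f,65,66,64,6d,6d,61,67,6a,61,
 6c,69,00,00
"ianjpldjgmmbeibbfe"=hex:63,61,61,70,67,6c,00,01
"iabmhbdlgkpjfahpbd"=hex:6b,61,6d,70,6f,6c,68,6f,63,69,66,65,6f,61,63,61,69,6f,
 65,6b,69,69,00,00
"dbkmihpkjlelnhiiebpjffhciejbpbncmalhgfio"=hex:68,61,65,6c,70,65,61,65,64,62,
 68,6c,62,69,70,6a,00,00
"dbkmihpkjlelnhiiebpjcpkegkkmdofcaecnmkgn"=hex:6a,62,64,70,67,6f,62,69,69,6a,
 6e,67,70,64,70,64,66,63,62,70,64,64,61,6a,63,6f,65,6e,69,66,68,64,6b,65,66,\
.
[HKEY_USERS\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\SecuROM\License information*]
"rkeysecu"=hex:1c,b1,63,2b,a6,6f,5c,ec,a3,f5,8b,58,ba,e4,62,25
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
'''

# "name"=hex:..  or  "name"=hex(6):..  (the type number is hexadecimal, as in .reg files)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<data>.*)$')
# A continuation line starts with a two-digit hex byte followed by a comma.
CONT_RE = re.compile(r'^\s*[0-9a-fA-F]{2},')

UTF16_TYPES = {1, 2, 6, 7}  # REG_SZ, REG_EXPAND_SZ, REG_LINK, REG_MULTI_SZ are stored as UTF-16LE


def parse_locked_values(log_text):
    """Yield one dict per hex: value, reassembling ComboFix's continuation lines."""
    lines = log_text.splitlines()
    current_key = None
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith('['):
            current_key = line
        m = VALUE_RE.match(line)
        if m:
            data = m.group('data').strip()
            truncated = False
            while True:
                if data.endswith('\\'):          # ComboFix stopped printing here
                    data = data[:-1]
                    truncated = True
                    break
                if data.endswith(',') and i + 1 < len(lines) and CONT_RE.match(lines[i + 1]):
                    i += 1                       # swallow the indented continuation line
                    data += lines[i].strip()
                    continue
                break
            raw = bytes(int(tok, 16) for tok in data.strip(',').split(',') if tok)
            reg_type = int(m.group('type'), 16) if m.group('type') else 3  # bare hex: is REG_BINARY
            yield {'key': current_key, 'name': m.group('name'), 'type': reg_type,
                   'raw': raw, 'truncated': truncated}
        i += 1


def decode_value(value):
    """Best-effort text for a value: UTF-16LE for string types, ASCII head for binary, else hex."""
    raw = value['raw']
    if value['type'] in UTF16_TYPES:
        even = raw[: len(raw) - len(raw) % 2]    # drop a dangling byte left by truncation
        return even.decode('utf-16-le', errors='replace').split('\x00')[0]
    head = raw.split(b'\x00')[0]
    if head and all(0x20 <= b < 0x7f for b in head):
        return head.decode('ascii')
    return raw.hex()


def only_a_to_p(s):
    """True when s is non-empty and uses only the letters a-p (Chrome extension-ID alphabet).
    This is a hint to investigate, not proof that the value is an extension ID."""
    return bool(s) and all('a' <= c <= 'p' for c in s)


def report(log_text):
    """Return rows of (value name, decoded text, truncated?, name and text both a-p only?)."""
    rows = []
    for v in parse_locked_values(log_text):
        text = decode_value(v)
        rows.append((v['name'], text, v['truncated'], only_a_to_p(v['name']) and only_a_to_p(text)))
    return rows


if __name__ == '__main__':
    for name, text, truncated, ap in report(SAMPLE_LOG):
        flag = ' (truncated by ComboFix)' if truncated else ''
        hint = ' [a-p only]' if ap else ''
        print(f'{name:45} -> {text}{flag}{hint}')
```

Values reported as truncated are incomplete in the log, so their decoded text must not be treated as the full stored string; the value names, which ComboFix prints in full, are the reliable identifiers when you look the entries up in the registry yourself.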