Prosím o kontolu

Příspěvekod **memphisto** » 10 srp 2013 17:19

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\program files (x86)\Lavasoft
c:\program files (x86)\Google\Update
c:\program files (x86)\Skype\Updater

File::
c:\windows\SYSNATIVE\DRIVERS\Lbd.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate
SkypeUpdate
gupdatem
Lavasoft Kernexplorer
Lbd

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upus.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Reklama

Jayo · Příspěvekod **Jayo** » 11 srp 2013 11:57

ComboFix 13-08-09.02 - oem 11.08.2013 11:26:26.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.12283.9838 [GMT 2:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\oem\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.153\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.153\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.153\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{D9BFDCD4-239B-4176-B0A4-373CF2153231}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Lavasoft
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
c:\windows\SysWow64\drivers\ntfs.sys . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_Lavasoft Kernexplorer
-------\Service_Lbd
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-11 do 2013-08-11 )))))))))))))))))))))))))))))))
.
.
2013-08-11 09:45 . 2013-08-11 09:45 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2013-08-11 09:45 . 2013-08-11 09:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-11 09:45 . 2013-08-11 09:45 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-11 09:45 . 2013-08-11 09:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 09:45 . 2013-08-11 09:45 -------- d-----w- c:\users\ASPNET\AppData\Local\temp
2013-08-11 09:45 . 2013-08-11 09:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-08-11 09:21 . 2013-08-11 09:21 -------- d-----w- c:\users\oem\AppData\Local\Apple
2013-08-10 15:07 . 2013-08-10 15:08 -------- d-----w- c:\users\oem\AppData\Local\CrashDumps
2013-08-10 12:40 . 2013-08-10 12:40 82816 ----a-w- c:\users\oem\AppData\Roaming\pcouffin.sys
2013-08-10 10:24 . 2013-08-10 13:36 -------- d-----w- c:\users\oem\AppData\Roaming\TS3Client
2013-08-10 09:07 . 2013-08-10 09:07 -------- d-----w- c:\windows\ERUNT
2013-08-10 09:05 . 2013-08-10 09:05 -------- d-----w- c:\users\oem\AppData\Local\Adobe
2013-08-10 09:05 . 2013-08-10 09:05 -------- d-----w- c:\users\oem\AppData\Local\CyberLink
2013-08-10 09:05 . 2013-08-10 09:05 -------- d-----w- c:\users\oem\AppData\Local\AVerMedia
2013-08-10 07:30 . 2013-08-10 07:30 -------- d-----w- c:\users\oem\AppData\Local\ATI
2013-08-09 11:17 . 2013-08-09 11:17 -------- d-----w- c:\program files (x86)\gPotato
2013-08-09 10:12 . 2013-07-15 01:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71506710-86CF-4015-8AB2-1CBE870F7001}\mpengine.dll
2013-08-08 11:11 . 2013-08-08 11:11 -------- d-----w- c:\users\oem\AppData\Roaming\InstallShield
2013-08-06 16:35 . 2013-03-17 16:21 3649536 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-08-06 16:35 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-08-06 16:35 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-08-06 16:35 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-08-06 16:35 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-08-06 16:35 . 2013-05-31 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-08-06 15:14 . 2013-08-10 14:09 -------- d-----w- c:\users\oem\AppData\Roaming\Wargaming.net
2013-08-06 08:49 . 2013-08-06 08:52 -------- d-----w- c:\programdata\ConMet
2013-08-06 07:52 . 2013-08-06 07:52 -------- d-----w- c:\users\oem\AppData\Roaming\Malwarebytes
2013-08-06 07:52 . 2013-08-06 07:52 -------- d-----w- c:\programdata\Malwarebytes
2013-08-06 07:52 . 2013-08-06 07:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-06 07:52 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-05 20:18 . 2013-08-10 10:31 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-08-05 19:37 . 2013-08-05 19:37 -------- d-----w- c:\users\oem\AppData\Roaming\PlatinumHideIP
2013-08-05 19:37 . 2013-08-05 19:37 -------- d-----w- c:\programdata\PlatinumHideIP
2013-08-05 15:32 . 2013-08-05 15:32 -------- d-----w- c:\users\oem\AppData\Local\Soul-Aion_comunity
2013-08-05 15:27 . 2013-08-08 10:49 -------- d-----w- c:\users\oem\AppData\Local\Deployment
2013-08-05 12:14 . 2013-08-05 12:15 -------- d-----w- c:\program files\CCleaner
2013-08-05 12:00 . 2012-06-09 18:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
2013-08-01 20:02 . 2012-06-08 14:18 3615888 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-08-01 20:02 . 2012-06-08 14:23 83072 ----a-w- c:\windows\system32\MBWrp64.dll
2013-08-01 19:59 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-08-01 19:17 . 2013-08-01 19:17 -------- d-----w- C:\Intel
2013-08-01 19:10 . 2013-08-01 19:10 -------- d-----w- C:\RaidTool
2013-08-01 18:34 . 2013-08-01 18:34 -------- d-----w- c:\program files (x86)\KWorld MultiMedia
2013-08-01 18:28 . 2013-08-11 09:47 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-08-01 18:28 . 2013-08-01 18:28 -------- d-----w- c:\users\oem\AppData\Local\SlimWare Utilities Inc
2013-08-01 18:27 . 2013-08-06 17:29 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-08-01 09:59 . 2013-08-01 09:59 -------- d-----w- c:\programdata\dbg
2013-07-26 10:01 . 2013-08-09 18:46 -------- d-----w- c:\windows\system32\MRT
2013-07-25 16:55 . 2013-07-31 20:57 -------- d-----w- c:\users\oem\AppData\Roaming\DAZ 3D
2013-07-22 14:06 . 2013-07-22 14:06 -------- d-----w- c:\users\oem\AppData\Roaming\MKKE
2013-07-16 16:11 . 2013-07-16 16:11 -------- d-----w- c:\users\oem\AppData\Local\Ubisoft Game Launcher
2013-07-16 15:41 . 2013-07-16 15:41 -------- d-----w- c:\programdata\ATI
2013-07-16 15:41 . 2013-07-16 15:41 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-16 15:36 . 2013-07-16 15:36 -------- d-----w- C:\AMD
2013-07-13 22:19 . 2013-06-12 02:28 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-07-13 16:49 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-13 16:48 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-13 16:48 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 07:26 . 2012-04-02 10:01 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 07:26 . 2011-05-15 18:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-24 10:20 . 2013-06-24 10:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 10:20 . 2012-06-19 13:38 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-24 10:20 . 2010-09-13 15:58 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2010-03-03 14:42 78277128 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-03-08 911024]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WD_SRT"="c:\program files (x86)\Western Digital Technologies\WD Win98 SE USB Disk Driver" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Acrobat Assistant 8.0"="c:\programy\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"NUSB3MON"="c:\programy\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"WinampAgent"="c:\programy\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"PowerDVD13Agent"="c:\program files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-03-20 513048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-3-14 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-3-14 741376]
ImageMixer 3 SE Camera Monitor for SD.lnk - c:\programy\ImageMixer 3 SE for SD\CameraMonitor.exe [2011-5-15 253952]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2010-2-26 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Acrobat Speed Launcher"="c:\programy\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\hry\VMLaunch\BuddyVM.sys;c:\hry\VMLaunch\BuddyVM.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 96EW;96EW Filter;c:\windows\system32\DRIVERS\96EW.sys;c:\windows\SYSNATIVE\DRIVERS\96EW.sys [x]
R3 AVerBDA3x_x64;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerBDA3x_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GWHid;96EW Hidmini driver;c:\windows\system32\DRIVERS\GWHid.sys;c:\windows\SYSNATIVE\DRIVERS\GWHid.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys;c:\windows\SYSNATIVE\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys;c:\windows\SYSNATIVE\DRIVERS\s115obex.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/04/15 09:59];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVerA706_x64;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerA706_x64.sys [x]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys;c:\windows\SYSNATIVE\DRIVERS\CamSuiteVAC.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:26]
.
2013-08-11 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-07-10 06:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"TNOD UP"="c:\programy\ESET\TNod User & Password Finder\TNODUP.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.103.17.1 217.117.216.7
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\e310q0go.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - About:Blank
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4066181527-3695359390-1988720199-1000\Software\SecuROM\License information*]
"datasecu"=hex:85,db,1d,ae,19,21,4b,be,4f,00,62,93,53,88,39,1a,da,37,b6,a5,19,
30,0b,86,f7,17,96,a8,51,a0,e0,64,8b,47,49,9f,88,42,53,57,77,03,8e,3f,89,3e,\
"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Celkový čas: 2013-08-11 11:52:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-11 09:52
ComboFix2.txt 2013-08-10 14:43
.
Před spuštěním: Volných bajtů: 96 800 022 528
Po spuštění: Volných bajtů: 96 352 882 688
.
- - End Of File - - 21ACC4899F2BDAB49A0440431C7A17D6
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **memphisto** » 11 srp 2013 16:25

Toto otestuj na Virustotal
c:\windows\SysWow64\drivers\ntfs.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Jayo · Příspěvekod **Jayo** » 11 srp 2013 16:41

nemohu najít c:\windows\SysWow64\drivers\ntfs.sys a zadat do Virustotal

mám pokračovat na aswMBR bez skenu

Příspěvekod **memphisto** » 11 srp 2013 16:42

Máš zobrazeny skryté soubory?

Jayo · Příspěvekod **Jayo** » 11 srp 2013 16:45

ano a pořád nikde nic

Příspěvekod **jaro3** » 11 srp 2013 19:04

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Jayo · Příspěvekod **Jayo** » 11 srp 2013 19:44

mám nastaveno zobrazovat skryté a systémové soubory ale pořád soubor neni vidět

Příspěvekod **Žbeky** » 11 srp 2013 22:15

Zkus tu cestu jen nakopírovat do okna na stránce virustotal

Jayo · Příspěvekod **Jayo** » 12 srp 2013 18:35

ani kopírování nepomohlo - tento soubor nebyl nalezen

Příspěvekod **memphisto** » 13 srp 2013 16:27

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Jayo · Příspěvekod **Jayo** » 13 srp 2013 20:56

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-13 20:54:27
-----------------------------
20:54:27.562 OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:27.562 Number of processors: 4 586 0x1E05
20:54:27.562 ComputerName: OEM-PC UserName: oem
20:54:29.481 Initialize success
20:54:41.368 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:54:41.368 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01118 Size: 953869MB BusType: 3
20:54:41.384 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
20:54:41.384 Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
20:54:41.399 Disk 1 MBR read successfully
20:54:41.399 Disk 1 MBR scan
20:54:41.399 Disk 1 Windows 7 default MBR code
20:54:41.415 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:54:41.415 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:54:41.431 Disk 1 scanning C:\Windows\system32\drivers
20:54:52.959 Service scanning
20:55:05.969 Modules scanning
20:55:05.969 Disk 1 trace - called modules:
20:55:06.001 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800a0862c0]<<sptd.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
20:55:06.016 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800a896060]
20:55:06.016 3 CLASSPNP.SYS[fffff88001b1343f] -> nt!IofCallDriver -> [0xfffffa800a563e40]
20:55:06.032 5 ACPI.sys[fffff880011987a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800a56d060]
20:55:06.032 \Driver\atapi[0xfffffa800975fe70] -> IRP_MJ_CREATE -> 0xfffffa800a0862c0
20:55:06.047 Scan finished successfully
20:55:23.363 Disk 1 MBR has been saved successfully to "C:\Users\oem\Desktop\MBR.dat"
20:55:23.379 The log file has been saved successfully to "C:\Users\oem\Desktop\aswMBR.txt"

Prosím o kontolu Vyřešeno

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Re: Prosím o kontolu

Kdo je online