PC keeps freezing - log check (Solved)

PC keeps freezing - log check

Post by tomikzlesa » 09 Dec 2013 19:16

Hi,
please check the log for this topic: http://www.pc-help.cz/viewtopic.php?f=7&t=121896&p=951850#p951850

Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:12:36, on 9.12.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Tom\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Users\Tom\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\program files (x86)\winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tom\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Tom\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Tom\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files (x86)\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{675DA55C-CF9B-447B-8BDF-C7B8BA3B9EA6}: NameServer = 160.218.161.60 160.218.167.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC1770C-3A85-4356-9DA8-23D7513444D6}: NameServer = 160.218.161.60 160.218.167.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5373C0F-ACD8-4441-B153-92D593275B89}: NameServer = 160.218.161.60 160.218.167.5
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8416 bytes

Re: PC keeps freezing - log check

Post by jaro3 » 10 Dec 2013 10:00

Download ATF Cleaner.
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.


Download TFC.
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner.

Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Prohledat-Scan".
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware.
Install it and run it.
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears, so click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: PC keeps freezing - log check

Post by tomikzlesa » 11 Dec 2013 18:36

AdwCleaner log



# AdwCleaner v3.015 - Report created 11/12/2013 at 18:29:22
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Tom - SHIT
# Running from : C:\Download\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Users\Tom\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\searchplugins\yahoo-zugo.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R0].txt - [3217 octets] - [11/12/2013 18:27:02]
AdwCleaner[S0].txt - [2990 octets] - [11/12/2013 18:29:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3050 octets] ##########



Malwarebytes' Anti-Malware log



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.12.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Tom :: SHIT [limited]

11.12.2013 18:35:43
MBAM-log-2013-12-11 (18-37-56).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 233438
Uplynulý čas: 1 minut, 46 sekund

Nalezené procesy v paměti: 1
C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> 4448 -> Nebyla provedena žádná instrukce.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Users\Tom\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\Tom\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 9
C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> Nebyla provedena žádná instrukce.
C:\Windows\temp\phatk121016.cl (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\temp\diablo130302.cl (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Tom\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\Tom\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\Tom\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.

(konec)

Re: PC keeps freezing - log check

Post by jaro3 » 12 Dec 2013 10:10

Do not put logs in code tags.

So run MbAM again and start a Scan
- when the program finishes, a message appears, so click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close the program via Exit
You can then paste the new MbAM log here.

Download Junkware Removal Tool

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program starts scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.

Re: PC keeps freezing - log check

Post by tomikzlesa » 13 Dec 2013 12:31

JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Tom on p  13.12.2013 at 12:22:27,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\oj23w72w.default\minidumps [381 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  13.12.2013 at 12:26:09,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller Log

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Tom [Práva správce]
Mód : Kontrola -- Datum : 12/13/2013 12:31:06
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[SUSP PATH] szndesktop.exe -- C:\Users\Tom\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] listicka-x64.exe -- C:\Users\Tom\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe [7] -> SMAZÁNO [TermThr]
[SVCHOST] svchost.exe -- C:\Windows\temp\svchost.exe [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 25 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Tom\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Tom\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1233362422-2132673313-2214222441-1000\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Tom\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1233362422-2132673313-2214222441-1000\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Tom\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{675DA55C-CF9B-447B-8BDF-C7B8BA3B9EA6} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{8FC1770C-3A85-4356-9DA8-23D7513444D6} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{C5373C0F-ACD8-4441-B153-92D593275B89} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS002\[...]\{675DA55C-CF9B-447B-8BDF-C7B8BA3B9EA6} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS002\[...]\{8FC1770C-3A85-4356-9DA8-23D7513444D6} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS002\[...]\{C5373C0F-ACD8-4441-B153-92D593275B89} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS003\[...]\{675DA55C-CF9B-447B-8BDF-C7B8BA3B9EA6} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS003\[...]\{8FC1770C-3A85-4356-9DA8-23D7513444D6} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS003\[...]\{C5373C0F-ACD8-4441-B153-92D593275B89} : NameServer (160.218.161.60 160.218.167.5 [EUROPEAN UNION (EU) - EUROPEAN UNION (EU)]) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] Origin : C:\Users\Tom\AppData\Roaming\Origin\update.vbe [-] -> NALEZENO

¤¤¤ spuštění položky : 1 ¤¤¤
[Tom][SUSP UNIC] SetPoint.exe ??� zástupce.lnk : F:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.exe ??� zástupce.lnk @C:\PROGRA~2\Logitech\SetPoint\SetPoint.exe [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Public\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Tom\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\UpdatusUser.BigShit\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Tom\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 53ffe03b6a9a6f0d8a02fb4ef3ffe932
[BSP] e06c8f0c9145fd594f8a8899e8632c62 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 6fce3d5b98b59e99211f08a72e576a2b
[BSP] 2934739587be3ae455c30b136fc7ce64 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3250620AS ATA Device +++++
--- User ---
[MBR] 479e8ec2025d9bb9867531690e6ba552
[BSP] a6340bb0956753378d8006417df644f0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 39996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81915435 | Size: 198474 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_12132013_123106.txt >>

Re: PC keeps freezing - log check

Post by memphisto » 13 Dec 2013 16:36

And where are the MBAM and Adw logs after the removal?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you

Re: PC keeps freezing - log check

Post by tomikzlesa » 13 Dec 2013 18:44

Sorry, there are already a lot of these logs :oh:

ADW

# AdwCleaner v3.015 - Report created 13/12/2013 at 18:41:55
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Tom - SHIT
# Running from : C:\Download\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3217 octets] - [11/12/2013 18:27:02]
AdwCleaner[R1].txt - [867 octets] - [11/12/2013 18:31:25]
AdwCleaner[R2].txt - [985 octets] - [13/12/2013 18:38:38]
AdwCleaner[R3].txt - [787 octets] - [13/12/2013 18:41:55]
AdwCleaner[S0].txt - [3142 octets] - [11/12/2013 18:29:22]
AdwCleaner[S1].txt - [927 octets] - [11/12/2013 18:32:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [965 octets] ##########


MBAM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.12.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Tom :: SHIT [limited]

13.12.2013 18:41:30
mbam-log-2013-12-13 (18-41-30).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 233716
Uplynulý čas: 1 minut, 46 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 6
C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> Bude smazán při restartu.
C:\Windows\temp\phatk121016.cl (Trojan.BitcoinMiner) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\temp\diablo130302.cl (Trojan.BitcoinMiner) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Přesun do karantény a smazání se zdařilo.

(konec)

Re: PC keeps freezing - log check

Post by memphisto » 13 Dec 2013 21:34

No problem ;)

Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP double-click to run it).
- Wait until Prescan finishes its work...
- Wait until the status window shows "Scan"
- Click "Delete"
- Wait until the Status box shows "Delete - Finished"
- Click "Report" and please copy and paste the contents of that report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the check there is a problem starting applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.

Re: PC keeps freezing - log check

Post by tomikzlesa » 13 Dec 2013 22:04

RK log

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Tom [Práva správce]
Mód : Odebrat -- Datum : 12/13/2013 22:01:01
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Public\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Tom\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\UpdatusUser.BigShit\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Tom\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 53ffe03b6a9a6f0d8a02fb4ef3ffe932
[BSP] e06c8f0c9145fd594f8a8899e8632c62 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 6fce3d5b98b59e99211f08a72e576a2b
[BSP] 2934739587be3ae455c30b136fc7ce64 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3250620AS ATA Device +++++
--- User ---
[MBR] 479e8ec2025d9bb9867531690e6ba552
[BSP] a6340bb0956753378d8006417df644f0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 39996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81915435 | Size: 198474 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_12132013_220101.txt >>
RKreport[0]_S_12132013_220042.txt

tomikzlesa
Level 2
Posts: 214
Registered: June 08
Gender: Male

Re: PC keeps freezing - log check

Post by tomikzlesa » 13 Dec 2013 22:04

CF log

ComboFix 13-12-13.01 - Tom 13.12.2013 21:51:49.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4092.2567 [GMT 1:00]
Spuštěný z: c:\download\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tom\msdata
c:\users\Tom\msdata\iexplorer.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-13 do 2013-12-13 )))))))))))))))))))))))))))))))
.
.
2013-12-13 20:54 . 2013-12-13 20:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-13 20:54 . 2013-12-13 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-13 18:05 . 2013-12-13 18:07 -------- d-----w- c:\programdata\RegCure
2013-12-13 18:05 . 2013-12-13 18:07 -------- d-----w- c:\program files (x86)\RegCure
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\users\Tom\AppData\Roaming\ParetoLogic
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\users\Tom\AppData\Roaming\DriverCure
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\programdata\ParetoLogic
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\program files (x86)\ParetoLogic
2013-12-13 11:22 . 2013-12-13 11:22 -------- d-----w- c:\windows\ERUNT
2013-12-11 17:52 . 2006-11-16 18:28 1147904 ----a-w- c:\windows\SysWow64\BDGE.ocx
2013-12-11 17:52 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\Mscomct2.ocx
2013-12-11 17:52 . 2004-03-08 21:00 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2013-12-11 17:52 . 2004-03-08 21:00 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2013-12-11 17:52 . 2003-07-28 02:11 65536 ----a-w- c:\windows\SysWow64\wh2robo.dll
2013-12-11 17:52 . 2003-01-18 17:32 49152 ----a-w- c:\windows\SysWow64\INETWH32.dll
2013-12-11 17:52 . 1998-08-04 23:00 63488 ----a-w- c:\windows\SysWow64\MsCc2IT.dll
2013-12-11 17:52 . 1998-08-04 23:00 33792 ----a-w- c:\windows\SysWow64\CmDlgIT.dll
2013-12-11 17:52 . 1998-08-04 23:00 150528 ----a-w- c:\windows\SysWow64\MsCmCIT.dll
2013-12-11 17:52 . 1997-10-08 19:30 30720 ----a-w- c:\windows\SysWow64\linkweb.ocx
2013-12-11 17:52 . 2013-12-11 17:52 -------- d-----w- c:\program files (x86)\Pianeta Musica
2013-12-11 17:52 . 2003-07-28 00:50 1044480 ----a-w- c:\windows\SysWow64\ROBOEX32.dll
2013-12-11 17:34 . 2013-12-11 17:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-11 17:34 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-11 17:26 . 2013-12-13 17:42 -------- d-----w- C:\AdwCleaner
2013-12-09 18:11 . 2013-12-09 18:11 388096 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-09 18:11 . 2013-12-09 18:11 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-08 08:10 . 2013-12-13 11:30 -------- d-----w- c:\users\UpdatusUser
2013-12-08 07:39 . 2013-12-08 07:39 -------- d-----w- c:\windows\Migration
2013-12-08 07:38 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B05070F-ED55-4BD7-80E9-518686B49AE0}\mpengine.dll
2013-12-08 07:38 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-12-08 07:38 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-12-08 07:38 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-12-08 07:38 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-12-08 07:38 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-12-08 07:38 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-12-08 07:38 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-12-08 07:38 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-12-08 07:38 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-12-06 17:00 . 2013-12-06 17:00 -------- d-----w- c:\users\Tom\AppData\Local\3DMGAME
2013-12-06 17:00 . 2013-12-06 17:00 -------- d-----w- c:\program files (x86)\Seznam.cz
2013-12-06 16:59 . 2013-12-13 18:14 -------- d-----w- c:\users\Tom\AppData\Roaming\Seznam.cz
2013-12-04 20:41 . 2013-12-04 20:41 -------- d-----w- c:\users\Tom\AppData\Roaming\AVG
2013-12-04 20:40 . 2013-12-04 20:41 -------- d-----w- c:\programdata\AVG
2013-12-04 20:40 . 2013-12-04 20:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-04 20:23 . 2013-12-04 20:23 -------- d-----w- c:\program files\CPUID
2013-12-04 17:13 . 2013-12-04 17:13 -------- d-----w- c:\users\Tom\.android
2013-12-04 17:13 . 2013-12-04 17:13 -------- d-----w- c:\users\Tom\AppData\Local\cache
2013-12-04 17:13 . 2013-12-04 20:46 -------- d-----w- c:\users\Tom\AppData\Local\Mobogenie
2013-12-04 17:13 . 2013-12-04 17:13 -------- d-----w- c:\users\Tom\AppData\Local\genienext
2013-11-25 17:22 . 2013-11-25 17:23 -------- d-----w- c:\program files (x86)\Dead Island
2013-11-20 18:03 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-11-20 18:03 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-11-20 17:57 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-20 17:56 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-20 17:56 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-20 17:56 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-20 17:56 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-20 17:56 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-20 17:56 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-20 17:48 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-20 17:48 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-20 17:46 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-20 17:46 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-20 17:45 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-20 17:45 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-20 17:45 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-20 17:45 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-20 17:45 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-18 17:35 . 2013-11-29 14:47 -------- d-----w- c:\program files (x86)\FreeRapid-0.9u3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 18:20 . 2012-08-08 18:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:20 . 2012-08-08 18:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-20 18:31 . 2012-08-08 18:04 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-19 02:33 . 2012-08-08 17:56 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 11:55 . 2012-08-08 17:32 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:55 . 2013-11-06 17:15 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:55 . 2012-08-08 17:32 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:55 . 2013-04-17 06:40 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-14 11:55 . 2012-08-08 17:32 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-11 15:02 . 2012-08-08 17:32 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2012-08-08 17:32 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2012-08-08 17:32 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2012-08-08 17:32 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2012-08-08 17:32 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2012-08-08 17:32 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-11 07:59 . 2013-11-11 07:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-23 10:30 . 2013-11-06 17:15 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-11-06 17:15 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-20 13:37 . 2013-10-20 13:37 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-10-20 13:37 . 2013-10-20 13:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-10-20 13:37 . 2013-10-20 13:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-10-20 13:37 . 2013-10-20 13:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-10-20 13:37 . 2013-10-20 13:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-10-20 13:37 . 2013-10-20 13:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-10-20 13:37 . 2013-10-20 13:37 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-10-20 13:37 . 2013-10-20 13:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-10-20 13:37 . 2013-10-20 13:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-10-20 13:37 . 2013-10-20 13:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-10-20 13:37 . 2013-10-20 13:37 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-10-20 13:37 . 2013-10-20 13:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-10-20 13:37 . 2013-10-20 13:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-10-20 13:37 . 2013-10-20 13:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-10-20 13:37 . 2013-10-20 13:37 441856 ----a-w- c:\windows\system32\html.iec
2013-10-20 13:37 . 2013-10-20 13:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-10-20 13:37 . 2013-10-20 13:37 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-10-20 13:37 . 2013-10-20 13:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-10-20 13:37 . 2013-10-20 13:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-20 13:37 . 2013-10-20 13:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-10-20 13:37 . 2013-10-20 13:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-10-20 13:37 . 2013-10-20 13:37 235008 ----a-w- c:\windows\system32\url.dll
2013-10-20 13:37 . 2013-10-20 13:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-10-20 13:37 . 2013-10-20 13:37 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-10-20 13:37 . 2013-10-20 13:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-10-20 13:37 . 2013-10-20 13:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-10-20 13:37 . 2013-10-20 13:37 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-10-20 13:37 . 2013-10-20 13:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-20 13:37 . 2013-10-20 13:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-10-20 13:37 . 2013-10-20 13:37 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-10-20 13:37 . 2013-10-20 13:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-20 13:37 . 2013-10-20 13:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-10-20 13:37 . 2013-10-20 13:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-10-20 13:37 . 2013-10-20 13:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-10-20 13:37 . 2013-10-20 13:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-10-20 13:37 . 2013-10-20 13:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-10-20 13:37 . 2013-10-20 13:37 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-10-20 13:37 . 2013-10-20 13:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-10-20 13:37 . 2013-10-20 13:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-10-20 13:37 . 2013-10-20 13:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-10-20 13:37 . 2013-10-20 13:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-10-20 13:37 . 2013-10-20 13:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-10-20 13:37 . 2013-10-20 13:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-10-20 13:37 . 2013-10-20 13:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-10-20 13:37 . 2013-10-20 13:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-10-20 13:37 . 2013-10-20 13:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-10-20 13:37 . 2013-10-20 13:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-10-20 13:37 . 2013-10-20 13:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-10-20 13:37 . 2013-10-20 13:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-10-20 13:35 . 2013-10-20 13:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-20 13:35 . 2013-10-20 13:35 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-10-20 13:35 . 2013-10-20 13:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-10-20 13:35 . 2013-10-20 13:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-10-20 13:35 . 2013-10-20 13:35 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-10-20 13:35 . 2013-10-20 13:35 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-10-20 13:35 . 2013-10-20 13:35 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-10-20 13:35 . 2013-10-20 13:35 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-10-20 13:35 . 2013-10-20 13:35 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-20 13:35 . 2013-10-20 13:35 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-10-20 13:35 . 2013-10-20 13:35 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-10-20 13:35 . 2013-10-20 13:35 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-20 13:35 . 2013-10-20 13:35 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-10-20 13:35 . 2013-10-20 13:35 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-10-20 13:35 . 2013-10-20 13:35 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files (x86)\Logitech\SetPoint\SetPoint.exe [2012-8-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XICTAMDM;CELOT-W USB MODEM Driver;c:\windows\system32\DRIVERS\XICTAMDM.sys;c:\windows\SYSNATIVE\DRIVERS\XICTAMDM.sys [x]
R3 XICTANmea;CELOT-W NMEA Device Driver(WDM);c:\windows\system32\DRIVERS\XICTANmea.sys;c:\windows\SYSNATIVE\DRIVERS\XICTANmea.sys [x]
R3 XICTAVSP;CELOT-W DM Interface Driver(WDM);c:\windows\system32\DRIVERS\XICTAVSP.sys;c:\windows\SYSNATIVE\DRIVERS\XICTAVSP.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;e:\instal\OpenHardwareMonitor\WinRing0x64.sys;e:\instal\OpenHardwareMonitor\WinRing0x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 18:20]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 15:51]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 15:51]
.
2013-12-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-12-13 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2013-12-13 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2013-12-13 c:\windows\Tasks\RegCure Pro.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-10-22 20:06]
.
2013-12-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files (x86)\RegCure\RegCure.exe [2012-07-13 11:45]
.
2013-12-13 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2012-07-13 11:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.20.3.1 192.168.20.9
TCP: Interfaces\{675DA55C-CF9B-447B-8BDF-C7B8BA3B9EA6}: NameServer = 160.218.161.60 160.218.167.5
TCP: Interfaces\{8FC1770C-3A85-4356-9DA8-23D7513444D6}: NameServer = 160.218.161.60 160.218.167.5
TCP: Interfaces\{C5373C0F-ACD8-4441-B153-92D593275B89}: NameServer = 160.218.161.60 160.218.167.5
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: 2013-12-06 18:00; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1233362422-2132673313-2214222441-1000\Software\SecuROM\License information*]
"datasecu"=hex:78,2d,09,58,d7,c5,8b,7b,3b,de,b5,c0,2d,79,d2,0e,13,6d,9a,08,76,
19,7f,b5,21,bf,b9,7b,d4,41,96,55,bc,30,a6,06,e2,cf,72,00,b2,ec,a3,50,84,87,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-12-13 21:55:40
ComboFix-quarantined-files.txt 2013-12-13 20:55
.
Před spuštěním: Volných bajtů: 32 453 189 632
Po spuštění: Volných bajtů: 31 727 489 024
.
- - End Of File - - 7E8B16F6D2DC0228A84B61A101A3D231
A36C5E4F47E84449FF07ED3517B43A31

tomikzlesa

Re: PC keeps freezing - log check

Post by tomikzlesa » 13 Dec 2013 22:05

and finally the MWB log as well, it's finally clean

ComboFix 13-12-13.01 - Tom 13.12.2013 21:51:49.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4092.2567 [GMT 1:00]
Spuštěný z: c:\download\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tom\msdata
c:\users\Tom\msdata\iexplorer.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-13 do 2013-12-13 )))))))))))))))))))))))))))))))
.
.
2013-12-13 20:54 . 2013-12-13 20:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-13 20:54 . 2013-12-13 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-13 18:05 . 2013-12-13 18:07 -------- d-----w- c:\programdata\RegCure
2013-12-13 18:05 . 2013-12-13 18:07 -------- d-----w- c:\program files (x86)\RegCure
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\users\Tom\AppData\Roaming\ParetoLogic
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\users\Tom\AppData\Roaming\DriverCure
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\programdata\ParetoLogic
2013-12-13 18:01 . 2013-12-13 18:01 -------- d-----w- c:\program files (x86)\ParetoLogic
2013-12-13 11:22 . 2013-12-13 11:22 -------- d-----w- c:\windows\ERUNT
2013-12-11 17:52 . 2006-11-16 18:28 1147904 ----a-w- c:\windows\SysWow64\BDGE.ocx
2013-12-11 17:52 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\Mscomct2.ocx
2013-12-11 17:52 . 2004-03-08 21:00 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2013-12-11 17:52 . 2004-03-08 21:00 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2013-12-11 17:52 . 2003-07-28 02:11 65536 ----a-w- c:\windows\SysWow64\wh2robo.dll
2013-12-11 17:52 . 2003-01-18 17:32 49152 ----a-w- c:\windows\SysWow64\INETWH32.dll
2013-12-11 17:52 . 1998-08-04 23:00 63488 ----a-w- c:\windows\SysWow64\MsCc2IT.dll
2013-12-11 17:52 . 1998-08-04 23:00 33792 ----a-w- c:\windows\SysWow64\CmDlgIT.dll
2013-12-11 17:52 . 1998-08-04 23:00 150528 ----a-w- c:\windows\SysWow64\MsCmCIT.dll
2013-12-11 17:52 . 1997-10-08 19:30 30720 ----a-w- c:\windows\SysWow64\linkweb.ocx
2013-12-11 17:52 . 2013-12-11 17:52 -------- d-----w- c:\program files (x86)\Pianeta Musica
2013-12-11 17:52 . 2003-07-28 00:50 1044480 ----a-w- c:\windows\SysWow64\ROBOEX32.dll
2013-12-11 17:34 . 2013-12-11 17:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-11 17:34 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-11 17:26 . 2013-12-13 17:42 -------- d-----w- C:\AdwCleaner
2013-12-09 18:11 . 2013-12-09 18:11 388096 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-09 18:11 . 2013-12-09 18:11 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-08 08:10 . 2013-12-13 11:30 -------- d-----w- c:\users\UpdatusUser
2013-12-08 07:39 . 2013-12-08 07:39 -------- d-----w- c:\windows\Migration
2013-12-08 07:38 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B05070F-ED55-4BD7-80E9-518686B49AE0}\mpengine.dll
2013-12-08 07:38 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-12-08 07:38 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-12-08 07:38 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-12-08 07:38 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-12-08 07:38 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-12-08 07:38 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-12-08 07:38 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-12-08 07:38 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-12-08 07:38 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-12-06 17:00 . 2013-12-06 17:00 -------- d-----w- c:\users\Tom\AppData\Local\3DMGAME
2013-12-06 17:00 . 2013-12-06 17:00 -------- d-----w- c:\program files (x86)\Seznam.cz
2013-12-06 16:59 . 2013-12-13 18:14 -------- d-----w- c:\users\Tom\AppData\Roaming\Seznam.cz
2013-12-04 20:41 . 2013-12-04 20:41 -------- d-----w- c:\users\Tom\AppData\Roaming\AVG
2013-12-04 20:40 . 2013-12-04 20:41 -------- d-----w- c:\programdata\AVG
2013-12-04 20:40 . 2013-12-04 20:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-04 20:23 . 2013-12-04 20:23 -------- d-----w- c:\program files\CPUID
2013-12-04 17:13 . 2013-12-04 17:13 -------- d-----w- c:\users\Tom\.android
2013-12-04 17:13 . 2013-12-04 17:13 -------- d-----w- c:\users\Tom\AppData\Local\cache
2013-12-04 17:13 . 2013-12-04 20:46 -------- d-----w- c:\users\Tom\AppData\Local\Mobogenie
2013-12-04 17:13 . 2013-12-04 17:13 -------- d-----w- c:\users\Tom\AppData\Local\genienext
2013-11-25 17:22 . 2013-11-25 17:23 -------- d-----w- c:\program files (x86)\Dead Island
2013-11-20 18:03 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-11-20 18:03 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-11-20 17:57 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-20 17:56 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-20 17:56 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-20 17:56 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-20 17:56 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-20 17:56 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-20 17:56 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-20 17:48 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-20 17:48 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-20 17:46 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-20 17:46 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-20 17:45 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-20 17:45 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-20 17:45 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-20 17:45 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-20 17:45 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-18 17:35 . 2013-11-29 14:47 -------- d-----w- c:\program files (x86)\FreeRapid-0.9u3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 18:20 . 2012-08-08 18:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:20 . 2012-08-08 18:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-20 18:31 . 2012-08-08 18:04 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-19 02:33 . 2012-08-08 17:56 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 11:55 . 2012-08-08 17:32 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:55 . 2013-11-06 17:15 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:55 . 2012-08-08 17:32 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:55 . 2013-04-17 06:40 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-14 11:55 . 2012-08-08 17:32 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-11 15:02 . 2012-08-08 17:32 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2012-08-08 17:32 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2012-08-08 17:32 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2012-08-08 17:32 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2012-08-08 17:32 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2012-08-08 17:32 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-11 07:59 . 2013-11-11 07:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-23 10:30 . 2013-11-06 17:15 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-11-06 17:15 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-20 13:37 . 2013-10-20 13:37 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-10-20 13:37 . 2013-10-20 13:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-10-20 13:37 . 2013-10-20 13:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-10-20 13:37 . 2013-10-20 13:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-10-20 13:37 . 2013-10-20 13:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-10-20 13:37 . 2013-10-20 13:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-10-20 13:37 . 2013-10-20 13:37 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-10-20 13:37 . 2013-10-20 13:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-10-20 13:37 . 2013-10-20 13:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-10-20 13:37 . 2013-10-20 13:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-10-20 13:37 . 2013-10-20 13:37 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-10-20 13:37 . 2013-10-20 13:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-10-20 13:37 . 2013-10-20 13:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-10-20 13:37 . 2013-10-20 13:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-10-20 13:37 . 2013-10-20 13:37 441856 ----a-w- c:\windows\system32\html.iec
2013-10-20 13:37 . 2013-10-20 13:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-10-20 13:37 . 2013-10-20 13:37 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-10-20 13:37 . 2013-10-20 13:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-10-20 13:37 . 2013-10-20 13:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-20 13:37 . 2013-10-20 13:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-10-20 13:37 . 2013-10-20 13:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-10-20 13:37 . 2013-10-20 13:37 235008 ----a-w- c:\windows\system32\url.dll
2013-10-20 13:37 . 2013-10-20 13:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-10-20 13:37 . 2013-10-20 13:37 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-10-20 13:37 . 2013-10-20 13:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-10-20 13:37 . 2013-10-20 13:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-10-20 13:37 . 2013-10-20 13:37 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-10-20 13:37 . 2013-10-20 13:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-20 13:37 . 2013-10-20 13:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-10-20 13:37 . 2013-10-20 13:37 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-10-20 13:37 . 2013-10-20 13:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-20 13:37 . 2013-10-20 13:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-10-20 13:37 . 2013-10-20 13:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-10-20 13:37 . 2013-10-20 13:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-10-20 13:37 . 2013-10-20 13:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-10-20 13:37 . 2013-10-20 13:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-10-20 13:37 . 2013-10-20 13:37 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-10-20 13:37 . 2013-10-20 13:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-10-20 13:37 . 2013-10-20 13:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-10-20 13:37 . 2013-10-20 13:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-10-20 13:37 . 2013-10-20 13:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-10-20 13:37 . 2013-10-20 13:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-10-20 13:37 . 2013-10-20 13:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-10-20 13:37 . 2013-10-20 13:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-10-20 13:37 . 2013-10-20 13:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-10-20 13:37 . 2013-10-20 13:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-10-20 13:37 . 2013-10-20 13:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-10-20 13:37 . 2013-10-20 13:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-10-20 13:37 . 2013-10-20 13:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-10-20 13:35 . 2013-10-20 13:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-20 13:35 . 2013-10-20 13:35 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-10-20 13:35 . 2013-10-20 13:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-10-20 13:35 . 2013-10-20 13:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-10-20 13:35 . 2013-10-20 13:35 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-10-20 13:35 . 2013-10-20 13:35 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-10-20 13:35 . 2013-10-20 13:35 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-10-20 13:35 . 2013-10-20 13:35 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-10-20 13:35 . 2013-10-20 13:35 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-20 13:35 . 2013-10-20 13:35 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-10-20 13:35 . 2013-10-20 13:35 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-10-20 13:35 . 2013-10-20 13:35 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-20 13:35 . 2013-10-20 13:35 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-20 13:35 . 2013-10-20 13:35 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-10-20 13:35 . 2013-10-20 13:35 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-10-20 13:35 . 2013-10-20 13:35 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files (x86)\Logitech\SetPoint\SetPoint.exe [2012-8-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XICTAMDM;CELOT-W USB MODEM Driver;c:\windows\system32\DRIVERS\XICTAMDM.sys;c:\windows\SYSNATIVE\DRIVERS\XICTAMDM.sys [x]
R3 XICTANmea;CELOT-W NMEA Device Driver(WDM);c:\windows\system32\DRIVERS\XICTANmea.sys;c:\windows\SYSNATIVE\DRIVERS\XICTANmea.sys [x]
R3 XICTAVSP;CELOT-W DM Interface Driver(WDM);c:\windows\system32\DRIVERS\XICTAVSP.sys;c:\windows\SYSNATIVE\DRIVERS\XICTAVSP.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;e:\instal\OpenHardwareMonitor\WinRing0x64.sys;e:\instal\OpenHardwareMonitor\WinRing0x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 18:20]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 15:51]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 15:51]
.
2013-12-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-12-13 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2013-12-13 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2013-12-13 c:\windows\Tasks\RegCure Pro.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-10-22 20:06]
.
2013-12-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files (x86)\RegCure\RegCure.exe [2012-07-13 11:45]
.
2013-12-13 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2012-07-13 11:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.20.3.1 192.168.20.9
TCP: Interfaces\{675DA55C-CF9B-447B-8BDF-C7B8BA3B9EA6}: NameServer = 160.218.161.60 160.218.167.5
TCP: Interfaces\{8FC1770C-3A85-4356-9DA8-23D7513444D6}: NameServer = 160.218.161.60 160.218.167.5
TCP: Interfaces\{C5373C0F-ACD8-4441-B153-92D593275B89}: NameServer = 160.218.161.60 160.218.167.5
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: 2013-12-06 18:00; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\oj23w72w.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1233362422-2132673313-2214222441-1000\Software\SecuROM\License information*]
"datasecu"=hex:78,2d,09,58,d7,c5,8b,7b,3b,de,b5,c0,2d,79,d2,0e,13,6d,9a,08,76,
19,7f,b5,21,bf,b9,7b,d4,41,96,55,bc,30,a6,06,e2,cf,72,00,b2,ec,a3,50,84,87,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-12-13 21:55:40
ComboFix-quarantined-files.txt 2013-12-13 20:55
.
Před spuštěním: Volných bajtů: 32 453 189 632
Po spuštění: Volných bajtů: 31 727 489 024
.
- - End Of File - - 7E8B16F6D2DC0228A84B61A101A3D231
A36C5E4F47E84449FF07ED3517B43A31

memphisto

Re: PC keeps freezing - log check

Post by memphisto » 13 Dec 2013 22:11

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

KillAll::

Folder::
c:\program files (x86)\Seznam.cz
c:\users\Tom\AppData\Roaming\Seznam.cz
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Google\Update

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"=-

Driver::
SBSDWSCService

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uLocal Page = c:\windows\system32\blank.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

