please check my log


lara
newcomer
Posts: 18
Registered: May 08
Gender: Unspecified
Status: Offline

Re: please check my log

Post by lara » 24 Aug 2015 14:10

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Liba on po 24.08.2015 at 13:09:28,45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Liba\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2015-05-19-191126.log 15775 bytes

==== Empty Folders Check ======================

C:\Users\Liba\AppData\Roaming\Publish Providers deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Liba\.android deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Files Recently Created / Modified ======================

====== C:\windows ====
2015-08-18 10:12:42 B58952E67FC2FA0E689F4F0F4E3091E6 43112 ----a-w- C:\windows\avastSS.scr
2015-07-30 08:46:58 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\windows\prleth.sys
2015-07-30 08:46:58 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\windows\hgfs.sys
====== C:\Users\Liba\AppData\Local\Temp ====
2015-08-17 09:30:04 3556D5A8BF2CC508BDAB51DEC38D7C61 1731936 ----a-w- C:\Users\Liba\AppData\Local\Temp\dllnt_dump.dll
====== Java Cache =====
====== C:\windows\SysWOW64 =====
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2015-08-18 10:12:53 A4DDD3B3A0B3EB00EC64D90CDF5405DD 378880 ----a-w- C:\windows\Sysnative\aswBoot.exe
====== C:\windows\Sysnative\drivers =====
2015-08-18 10:12:24 6EBBD0E2CF55056DA75B539F6BA8F70E 454016 ----a-w- C:\windows\Sysnative\drivers\aswNdisFlt.sys
2015-08-17 09:30:05 531121E7ED50084B493A69F8F8A7A927 37624 ----a-w- C:\windows\Sysnative\drivers\TrueSight.sys
2015-08-17 09:18:24 60F5579B6B33F509C52200207F79B795 79064 ----a-w- C:\windows\Sysnative\drivers\kbkhww.sys
2015-08-04 10:08:42 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-08-04 10:08:12 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\windows\Sysnative\drivers\mbamchameleon.sys
2015-08-04 10:08:12 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\windows\Sysnative\drivers\mwac.sys
2015-08-04 10:08:12 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2015-07-30 09:38:57 -------- d-----w- C:\Program Files\Windows Live
======= C:\PROGRA~2 =====
2015-07-30 09:38:32 -------- d-----w- C:\PROGRA~2\Windows Live
2015-07-30 09:32:33 -------- d-----w- C:\PROGRA~2\Microsoft OneDrive
2015-07-30 08:51:17 -------- d-----w- C:\PROGRA~2\AVG
2015-07-30 08:43:41 -------- d-----w- C:\PROGRA~2\COMMON~1\Windows Live
======= C: =====
====== C:\Users\Liba\AppData\Roaming ======
2015-08-21 09:23:42 00193A4B31CBFDA32E36936A9BCD6C67 759 ----a-w- C:\Users\Liba\AppData\Local\recently-used.xbel
2015-08-21 09:15:55 -------- d-----w- C:\Users\Liba\AppData\Local\fontconfig
2015-08-21 09:11:47 -------- d-----w- C:\Users\Liba\AppData\Roaming\inkscape
2015-08-12 09:35:17 -------- d-----w- C:\windows\SysNative\config\systemprofile\AppData\Local\CrashDumps
2015-08-09 13:10:28 -------- d-----w- C:\Users\Liba\AppData\Local\ACD Systems
2015-08-04 08:16:29 -------- d-----w- C:\Users\Liba\AppData\Local\CrashDumps
2015-08-04 07:55:41 -------- d-----w- C:\Users\Liba\AppData\Local\Adobe
2015-08-04 06:51:10 -------- d-----w- C:\Users\Liba\AppData\Local\Broadcom
2015-08-03 01:03:34 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG
2015-07-30 08:52:22 -------- d-----w- C:\windows\SysNative\config\systemprofile\AppData\Local\Avg
2015-07-30 08:51:29 -------- d-----w- C:\Users\Liba\AppData\Roaming\AVG
2015-07-30 08:51:23 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Local\Avg
2015-07-30 08:43:53 -------- d-----w- C:\Users\Liba\AppData\Local\Windows Live
2015-07-30 08:12:15 -------- d-----w- C:\Users\Liba\AppData\Roaming\avidemux
2015-07-30 08:01:15 -------- d-----w- C:\Users\Liba\AppData\Roaming\Machete Lite
====== C:\Users\Liba ======
2015-08-24 07:44:23 89C4CCAF2E9049F5EFEC2D4ED8064283 6505624 ----a-w- C:\Users\Liba\Downloads\FileZilla_3.13.0_win64-setup.exe
2015-08-17 09:29:42 -------- d-----w- C:\ProgramData\RogueKiller
2015-08-17 08:33:01 39C0EDB70CCBBB74FA3F81A9FBB7B8EC 22658120 ----a-w- C:\Users\Liba\Downloads\winlogon.exe
2015-07-30 09:41:22 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-07-30 09:32:29 -------- d-----r- C:\Users\Liba\OneDrive
2015-07-30 09:32:02 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-07-30 08:50:21 -------- d--h--w- C:\ProgramData\Common Files
2015-07-30 08:50:20 -------- d-----w- C:\ProgramData\AVG
2015-07-27 16:08:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

====== C: exe-files ==
2015-08-24 09:47:48 E62D4FB43C9EBFC135D0573ABFD2251D 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3465981613-3088051064-1141345442-1001\$IJELV0G.exe
2015-08-24 07:44:23 89C4CCAF2E9049F5EFEC2D4ED8064283 6505624 ----a-w- C:\Users\Liba\Downloads\FileZilla_3.13.0_win64-setup.exe
2015-08-24 07:22:10 FB520334532FBCAE142BBA57B147791F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3465981613-3088051064-1141345442-1001\$I5AHOST.exe
2015-08-24 07:22:10 DAD937659E51397255F0904A48A79511 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3465981613-3088051064-1141345442-1001\$I5ZQEP6.exe
2015-08-24 07:22:10 D41150FD6FC3EA96BC75627FECA195CF 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3465981613-3088051064-1141345442-1001\$IX78TVL.exe
2015-08-24 07:22:10 C7FCFC739ADE8EF99EB3F52C8C600C06 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3465981613-3088051064-1141345442-1001\$I2NH9ZF.exe
2015-08-23 10:57:49 E2AB465A4F48E9E64FE028374249B881 981584 ----a-w- C:\Program Files (x86)\Google\Update\Install\{06546712-7ADC-4CCD-8405-0BC9F33BCD35}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
2015-08-23 10:57:49 E2AB465A4F48E9E64FE028374249B881 981584 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.157\44.0.2403.157_44.0.2403.155_chrome_updater.exe
2015-08-18 10:12:53 A4DDD3B3A0B3EB00EC64D90CDF5405DD 378880 ----a-w- C:\Windows\System32\aswBoot.exe
=== C: other files ==
2015-08-18 10:12:24 6EBBD0E2CF55056DA75B539F6BA8F70E 454016 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"331BigDog"="C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"OnekeyStudio"="C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2011-01-24 09:45:45 876 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2013-12-04 12:08:25 2653 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12.08.2015 19:17]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13.04.2013 19:48]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13.04.2013 19:48]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\{3744EC5D-4935-4CC2-BFD9-125B9B44EAE4}" ["c:\program files (x86)\opera\launcher.exe"]
"C:\windows\SysNative\tasks\{62C9C5EB-3E77-47A9-A15F-02D8551BB604}" ["c:\program files (x86)\opera\launcher.exe"]
"C:\windows\SysNative\tasks\{9393C7B9-8417-46CA-8ED9-7E5F83A6FDD5}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\windows\SysNative\tasks\{AFBB136B-52FB-4F6B-94D9-43A850C74CF6}" ["c:\program files (x86)\opera\launcher.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Liba\AppData\Roaming\TomTom\HOME\Profiles\bqpi4wg4.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [18.08.2015 12:12]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Liba\AppData\Roaming\TomTom\HOME\Profiles\bqpi4wg4.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[22.07.2015 15:50]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22.07.2015 15:50]

Avast SafePrice - Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Preferences
ifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/gcm","https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate","*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/chromenow/v1/*","https://*.googleapis.com/gcm/*","https://*.googleusercontent.com/*"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\44.0.2403.107\\resources\\google_now","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false}}},"homepage":"https://www.google.cz/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","homepage_changed":true,"homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"1608B0EFF2612A56AF83A8200160079294AA391408C65E2B4D2D768B9572726A"},"default_search_provider":{"keyword":"317B44D4E2E7989FE721D1852EF922806E1F0577C37840E95F12600B8A6C9324","name":"5FBC57DEBB72CAE6A58643B39546227CFAB9D026A1B12A5B8E73B03D316F998E","search_url":"1CA3CF5C672057B2B37B5B7231A529388D6E20C173BAF2EE26EA0AC5FFF35304"},"default_search_provider_data":{"template_url_data":"324D7C5226A7D2292FC85C6B82EE03B9EF27FD9B8A01A811D14A21F1A20BAB6C"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"ACD1FDD4F5F1210E906E63E020E7562F2820C00AE9D7933683DF24E80F1E535E","bepbmhgboaologfdajaanbcjmnhjmhfn":"4C736BFE47FA6B587EED5B74500B479D13AF64E945BE4235DD40658322EA3B8A","eemcgdkfndhakfknompkggombfjjjeno":"51E35C13407C5642B8DD9FD4CD82BCD6B7F5FB90FDCB625274A1828A637D58AE","ennkphjdgehloodpbhlhldgbnhmacadg":"8D583A2EEE6B6300040E5E47620E1F121607ECC2DB35F8501AA476BCCD626E4A","eofcbnmajmjmplflapaojjnihcjkigck":"ECF05DBE4F912307E9F21572863F8D620EEA48D296922D4A67E2EEAE0756D346","gfdkimpbcpahaombhbimeihdjnejgicl":"B0C7811C61257C09B231898731E4FFC626B439009DB6975041B620927D8A3EE6","gomekmidlodglbbmalcneegieacbdmki":"BBCA9232D7AF99A55BFAE81CDE3393F53E0257195D76DFFA5744FDCC86FC734B","kmendfapggjehodndflmmgagdbamhnfd":"FE5F7B77BFB9FE34E795B69799FD0CBF22E3B29D41D80BE42786AB0AE68107C6","mfehgcgbbipciphmccgaenjidiccnmng":"D0F4F959C70C62C6AF0A2652A3C03510483F28E8BA36D901D4B2C34291888197","mgndgikekgjfcpckkfioiadnlibdjbkf":"51B43D9DDF66848098B7578AEC8FFD7B1D5BB7282442EE30353E87461027DC6F","mhjfbmdgcfjbbpaeojofohoefgiehjai":"1A951570FBD665C7F8C02BAFFB03E5DCBB0485829FD7807239F7F487D0375998","neajdppkdcdipfabeoofebfddakdcjhd":"9391190C80B1278F7665C3BB7031867E97B97F9A24AA5ED242171C3407BE68CB","nkeimhogjdpnpccoofpliimaahmaaome":"D3E68CD8CFB13D3B43E6691C02A3570AFA9FB413265F394D181CD0DFA94ADA62","nmmhkkegccagdldgiimedpiccmgmieda":"E30165167BA22D98EF7859E3373AAD106D964D7D458E4776C308E4393C001AA4","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"62070D98753B6B29C946D54B0559B4B43A1707768EF1A835D365A3AF60486EA9"}},"google":{"services":{"account_id":"1EED7F3671193FF7CFB3EFD19BEF78029BA7E4717898F1D7BFF67BB1F7E2A132","last_username":"38AC06465E26C10B136137655F5ECFD968308AA16AAE917DA34D8568E69FAEEB","username":"ADD2EE9EFABF7B6FD94892D077FB06ED1E64A056BD75169AAC4212B5C7C4873E"}},"homepage":"85DC61FA7BEFE8B5586E00081E5A0805D47940A69EA1143D5BA25D7B0A7F56B5","homepage_is_newtabpage":"838CD3E1BB7717F1F8D0C57684D56DFB892A2C58EBDAC172C8EC5FE5FADB9449","pinned_tabs":"92B2F6B5FC31DB6109CD56D7588D6FAA2BE540A74D805B499E2A818B6C8DB96A","prefs":{"preference_reset_time":"40D93AD6F6A6D457328893AB7099E475AB3E9C7D23425C02CB27871E2A302E41"},"profile":{"reset_prompt_memento":"71683A8E840CC65FFB1E285E9B3341A0D18E051CB8ED49E5B12DEDD88400130E"},"safebrowsing":{"incidents_sent":"B82140D0BF098E0E6CF2282569F3C2D49F092D6469854A1248929D17FCC708F7"},"search_provider_overrides":"DF78935BD6AF4C949F2765305084C160C2C3F97306AF929F7FF42D0DCBFF277C","session":{"restore_on_startup":"8D9B7DFA0BD310ACD408B00E928706BC2A625A26B65815788A77CA0136AF92B7","startup_urls":"38FB56B65E14781E98E35BC45022529B4BBD9C9AEA45900E7798EC258EB8E9D6"},"software_reporter":{"prompt_reason":"2DCF3876BE71B78FE8FB8A72A3CB3B28595976130A6439B4EFF58F0BC4E265B6","prompt_seed":"F1EBE7554CD9EDC8819104738D2CA2BA88E0DFF575C8F248FCB8C4D964CF0E37","prompt_version":"1F995D05A3287AB384F93483EB9793F237AB129328DE31EAFA4FC3018D39DC56"},"sync":{"remaining_rollback_tries":"7E65597CFA8B475C8B454333DC9DB647238E30AB5AF6AAD924CFCE0CDB25BC14"}},"super_mac":"EC3C81A2B812979204EE94F3F35DD69624E43DB7180199D1B6B910A1BDF21BAF"},"session":{"restore_on_startup":1,"startup_urls":["http://www.google.cz/"]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Liba\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Liba\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=92 folders=32 95656988 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Liba\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Liba\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Liba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on po 24.08.2015 at 14:08:07,48 ======================


Re: please check my log

Post by lara » 24 Aug 2015 14:47

ComboFix 15-08-24.01 - Liba 24.08.2015 14:21:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2935.1198 [GMT 2:00]
Spuštěný z: c:\users\Liba\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\s.bat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-24 do 2015-08-24 )))))))))))))))))))))))))))))))
.
.
2015-08-24 12:32 . 2015-08-24 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-24 12:04 . 2015-08-24 11:09 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-24 12:04 . 2015-08-24 12:32 -------- d-----w- c:\users\Liba\AppData\Local\Temp
2015-08-21 09:15 . 2015-08-21 09:15 -------- d-----w- c:\users\Liba\AppData\Local\fontconfig
2015-08-21 09:13 . 2015-08-21 09:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\offreg.2688.dll
2015-08-21 09:11 . 2015-08-21 09:11 -------- d-----w- c:\users\Liba\AppData\Roaming\inkscape
2015-08-18 10:12 . 2015-08-18 10:12 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-18 10:12 . 2015-08-18 10:12 43112 ----a-w- c:\windows\avastSS.scr
2015-08-18 10:12 . 2015-08-18 10:12 454016 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-08-17 09:30 . 2015-08-24 10:27 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-17 09:29 . 2015-08-17 09:32 -------- d-----w- c:\programdata\RogueKiller
2015-08-17 09:18 . 2015-08-17 09:18 79064 ----a-w- c:\windows\system32\drivers\kbkhww.sys
2015-08-13 16:31 . 2015-08-13 16:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\offreg.4668.dll
2015-08-13 16:22 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\mpengine.dll
2015-08-09 13:10 . 2015-08-09 13:10 -------- d-----w- c:\users\Liba\AppData\Local\ACD Systems
2015-08-04 10:08 . 2015-08-17 08:34 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-04 10:08 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-04 10:08 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-04 10:08 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-04 10:08 . 2015-08-04 10:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-04 08:16 . 2015-08-24 08:12 -------- d-----w- c:\users\Liba\AppData\Local\CrashDumps
2015-08-04 07:55 . 2015-08-04 07:55 -------- d-----w- c:\users\Liba\AppData\Local\Adobe
2015-08-04 06:51 . 2015-08-04 06:51 -------- d-----w- c:\users\Liba\AppData\Local\Broadcom
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\cs
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\en
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\sk
2015-07-30 09:38 . 2015-07-30 09:38 -------- d-----w- c:\program files\Windows Live
2015-07-30 09:38 . 2015-07-30 09:40 -------- d-----w- c:\program files (x86)\Windows Live
2015-07-30 09:38 . 2015-07-30 09:38 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----r- c:\users\Liba\OneDrive
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-07-30 08:51 . 2015-07-30 08:51 -------- d-----w- c:\users\Liba\AppData\Roaming\AVG
2015-07-30 08:51 . 2015-07-30 08:51 -------- d-----w- c:\program files (x86)\AVG
2015-07-30 08:50 . 2015-07-30 08:50 -------- d--h--w- c:\programdata\Common Files
2015-07-30 08:50 . 2015-07-30 08:52 -------- d-----w- c:\programdata\AVG
2015-07-30 08:46 . 2015-07-30 08:46 0 ----a-w- c:\windows\prleth.sys
2015-07-30 08:46 . 2015-07-30 08:46 0 ----a-w- c:\windows\hgfs.sys
2015-07-30 08:43 . 2015-07-30 08:43 -------- d-----w- c:\users\Liba\AppData\Local\Windows Live
2015-07-30 08:43 . 2015-07-30 08:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2015-07-30 08:12 . 2015-07-30 08:45 -------- d-----w- c:\users\Liba\AppData\Roaming\avidemux
2015-07-30 08:01 . 2015-07-30 08:04 -------- d-----w- c:\users\Liba\AppData\Roaming\Machete Lite
2015-07-27 15:40 . 2015-07-27 15:40 -------- d-----w- c:\program files (x86)\CCleaner
2015-07-26 17:07 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2015-07-26 17:07 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-26 17:07 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2015-07-26 17:07 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-26 17:07 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2015-07-26 17:07 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2015-07-26 17:07 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2015-07-26 17:07 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-07-26 17:07 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2015-07-26 17:07 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-07-26 17:06 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-26 17:06 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-07-26 17:06 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-07-26 17:06 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-18 10:13 . 2015-07-22 13:51 1048344 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-08-18 10:12 . 2015-07-22 13:51 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-18 10:12 . 2015-07-22 13:51 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-18 10:12 . 2015-07-22 13:51 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-18 10:12 . 2015-07-22 13:51 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-18 10:12 . 2015-07-22 13:51 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-18 10:12 . 2015-07-22 13:51 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-18 10:12 . 2015-07-22 13:51 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-18 10:12 . 2015-07-22 13:51 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-08-12 17:17 . 2012-11-03 18:58 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 17:17 . 2012-11-03 18:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-21 14:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-07-21 14:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-07-20 19:39 . 2015-07-20 19:39 52320 ----a-w- c:\windows\system32\drivers\56848928.sys
2015-07-03 06:43 . 2011-10-22 10:51 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-23 11:30 . 2011-12-14 16:03 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-22 13:19 . 2015-06-22 13:19 404624 ----a-w- c:\windows\cadkasdeinst01e_64.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-18 6109776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 yxdkklix;yxdkklix;c:\windows\system32\drivers\yxdkklix.sys;c:\windows\SYSNATIVE\drivers\yxdkklix.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz134;cpuz134;c:\users\Liba\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Liba\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-23 10:57 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 17:17]
.
2015-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 17:48]
.
2015-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-18 10:12 778056 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.192.60.6 213.192.60.5 192.168.1.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-10633755.sys
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-Wandoujia2 - c:\program files (x86)\WandouLabs\Uninst.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-{0CE226F3-EB27-4ECD-BBF5-F088716779FD} - c:\program files (x86)\InstallShield Installation Information\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}\setup.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
AddRemove-{8991E763-21F5-4DEA-A938-5D9D77DCB488} - c:\program files (x86)\InstallShield Installation Information\{8991E763-21F5-4DEA-A938-5D9D77DCB488}\setup.exe
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
AddRemove-{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332} - c:\program files (x86)\InstallShield Installation Information\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0332}\setup.exe
AddRemove-{DFB19121-0609-49C1-92B1-546E5A940FE8} - c:\program files (x86)\InstallShield Installation Information\{DFB19121-0609-49C1-92B1-546E5A940FE8}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001_Classes\Wow6432Node\CLSID\{480dc0dd-3419-48ee-b63d-049bb1d65ad9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b8
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,63,5c,b2,5e,2a,c6,21,1c,b0,60,ad,fc,e8,66,7e,71,7b,c8,57,bd,ac,5a,\
.
[HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):cd,85,01,e1,c2,f6,f9,99,2a,77,89,3f,e0,91,ef,d3,a2,77,10,00,b8,
d5,f4,b4,7e,01,31,bc,9d,c6,2a,b2,7b,4f,0d,7f,32,5f,98,93,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-24 14:37:04
ComboFix-quarantined-files.txt 2015-08-24 12:37
.
Pre-Run: 241 300 013 056 bytes free
Post-Run: 241 165 045 760 bytes free
.
- - End Of File - - BB1C4D4ACFCADA73061986A296C77837

jaro3
Security team member

Re: please check my log

Post by jaro3 » 24 Aug 2015 15:08

Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text below (marked in green) into it:

Code:

ClearJavaCache::
Collect::
c:\windows\system32\drivers\yxdkklix.sys

File::
c:\windows\prleth.sys
c:\windows\hgfs.sys
c:\windows\system32\drivers\56848928.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\Liba\AppData\Roaming\AVG
c:\program files (x86)\AVG
c:\programdata\AVG
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
yxdkklix
SkypeUpdate
cpuz134

RegLock::
[HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001_Classes\Wow6432Node\CLSID\{480dc0dd-3419-48ee-b63d-049bb1d65ad9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b8
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
 38,95,44,63,5c,b2,5e,2a,c6,21,1c,b0,60,ad,fc,e8,66,7e,71,7b,c8,57,bd,ac,5a,\
.
[HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):cd,85,01,e1,c2,f6,f9,99,2a,77,89,3f,e0,91,ef,d3,a2,77,10,00,b8,
 d5,f4,b4,7e,01,31,bc,9d,c6,2a,b2,7b,4f,0d,7f,32,5f,98,93,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and drop it when the two icons overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options enable showing hidden files and folders + untick "Hide protected operating system files"

Test this on VirusTotal
c:\windows\system32\drivers\kbkhww.sys

Click Choose (to the right of the box) and find the requested file on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus engines one after another. When the last antivirus finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
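The triage that the posts above do by hand (picking the random-named driver yxdkklix, the driver running out of a user Temp folder, the zero-byte .sys files in c:\windows and the numeric 56848928.sys out of the ComboFix log, then writing them into Collect::/File::/Driver:: sections of a CFScript) can be scripted. The block below is an added example written for this page; it is not code from the forum, from ComboFix or from either poster. It assumes the ComboFix line formats shown in the logs above (the sample lines are copied from them), and its flagging rules (generated-looking service names, unpronounceable driver names, drivers loaded from under c:\users, zero-byte or numeric .sys files) are the example's own heuristics, not anything ComboFix itself does. Hits are a review list for the analyst, which is why name-only hits go to Collect:: rather than File::.

```python
"""Triage of ComboFix-style log lines into a CFScript draft.

Added example for this thread; it is not ComboFix's own logic and not code
from the forum. The sample lines below are copied from the logs posted
above; the flagging rules are the author's assumptions about what looks
out of place, and every hit still needs a human check (hash the file,
submit it to VirusTotal, look up the vendor) before it goes into a script.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "R1 name;display name;32-bit path;64-bit path [x]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]*)")
# "2015-07-30 08:46 . 2015-07-30 08:46 0 ----a-w- c:\windows\prleth.sys"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>\S.*)$"
)
USER_PROFILE_RE = re.compile(r"^c:\\users\\", re.IGNORECASE)
VOWELS = set("aeiouy")


@dataclass(frozen=True)
class Finding:
    section: str  # CFScript section the entry belongs in: Collect::, File:: or Driver::
    target: str   # service name for Driver::, full path otherwise
    reason: str


def triage_service(line: str) -> list[Finding]:
    """Flag a driver/service line; returns [] when nothing looks wrong."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name, display, path = m["name"], m["display"], m["path"].strip()
    reason = None
    if USER_PROFILE_RE.match(path):
        # Kernel drivers normally live under system32\drivers, not in a user's Temp.
        reason = "driver binary loaded from a user profile directory"
    elif display == name and re.fullmatch(r"[a-z]{6,}", name):
        # Heuristic (assumption): vendors give drivers a description and some
        # capitalisation; an all-lowercase name that is also its own description
        # (e.g. yxdkklix) looks machine-generated.
        reason = "generated-looking service name with no description"
    if reason is None:
        return []
    # Collect the binary first so a sample survives the Driver:: removal.
    return [Finding("Collect::", path, reason), Finding("Driver::", name, reason)]


def triage_file(line: str) -> Finding | None:
    """Flag a .sys entry from the 'files created' or Find3M sections."""
    m = FILE_RE.match(line)
    if not m or m["size"].startswith("-"):   # directories carry "--------" as size
        return None
    path, size = m["path"], int(m["size"])
    parent, _, base = path.lower().rpartition("\\")
    if not base.endswith(".sys"):
        return None
    stem = base[:-4]
    if size == 0:
        return Finding("File::", path, "zero-byte .sys file")
    if parent == "c:\\windows":
        return Finding("File::", path, ".sys file dropped directly into c:\\windows")
    if stem.isdigit():
        return Finding("File::", path, "purely numeric driver name")
    if re.fullmatch(r"[a-z]{6,}", stem) and not (set(stem) & VOWELS):
        # Heuristic (assumption): six or more lowercase letters with no vowel at
        # all (e.g. kbkhww) is unpronounceable; collect it for a VirusTotal check
        # rather than deleting on the name alone.
        return Finding("Collect::", path, "unpronounceable driver name, needs a scan")
    return None


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend(triage_service(line))
        hit = triage_file(line)
        if hit:
            findings.append(hit)
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render the findings as the Collect::/File::/Driver:: sections of a CFScript."""
    sections = {"Collect::": [], "File::": [], "Driver::": []}
    for f in findings:
        if f.target not in sections[f.section]:
            sections[f.section].append(f.target)
    blocks = [header + "\n" + "\n".join(items) for header, items in sections.items() if items]
    return "\n\n".join(blocks) + "\n"


# Constructed sample: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
R1 yxdkklix;yxdkklix;c:\windows\system32\drivers\yxdkklix.sys;c:\windows\SYSNATIVE\drivers\yxdkklix.sys [x]
R3 cpuz134;cpuz134;c:\users\Liba\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Liba\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
2015-08-24 12:32 . 2015-08-24 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-18 10:12 . 2015-08-18 10:12 454016 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-08-17 09:18 . 2015-08-17 09:18 79064 ----a-w- c:\windows\system32\drivers\kbkhww.sys
2015-07-30 08:46 . 2015-07-30 08:46 0 ----a-w- c:\windows\prleth.sys
2015-07-30 08:46 . 2015-07-30 08:46 0 ----a-w- c:\windows\hgfs.sys
2015-07-20 19:39 . 2015-07-20 19:39 52320 ----a-w- c:\windows\system32\drivers\56848928.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:9} {f.target}  <- {f.reason}")
    print()
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run stand-alone it prints the review list and a CFScript draft whose Driver:: and File:: entries coincide with the ones jaro3 wrote by hand for yxdkklix, cpuz134, prleth.sys, hgfs.sys and 56848928.sys; kbkhww.sys lands in Collect:: only, because a name alone is not grounds for deletion, which mirrors the request to submit it to VirusTotal first. The Folder:: entries (AVG, Skype Updater, Google Update) are not derivable from these two line formats and still have to be added by hand, and the legitimate avast, Broadcom and TsUsbFlt entries in the sample are there to show the rules leaving vendor drivers alone.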

lara
newbie

Re: please check my log

Post by lara » 25 Aug 2015 14:21

ComboFix 15-08-24.01 - Liba 24.08.2015 14:21:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2935.1198 [GMT 2:00]
Running from: c:\users\Liba\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\s.bat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-07-24 to 2015-08-24 )))))))))))))))))))))))))))))))
.
.
2015-08-24 12:32 . 2015-08-24 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-24 12:04 . 2015-08-24 11:09 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-24 12:04 . 2015-08-24 12:32 -------- d-----w- c:\users\Liba\AppData\Local\Temp
2015-08-21 09:15 . 2015-08-21 09:15 -------- d-----w- c:\users\Liba\AppData\Local\fontconfig
2015-08-21 09:13 . 2015-08-21 09:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\offreg.2688.dll
2015-08-21 09:11 . 2015-08-21 09:11 -------- d-----w- c:\users\Liba\AppData\Roaming\inkscape
2015-08-18 10:12 . 2015-08-18 10:12 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-18 10:12 . 2015-08-18 10:12 43112 ----a-w- c:\windows\avastSS.scr
2015-08-18 10:12 . 2015-08-18 10:12 454016 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-08-17 09:30 . 2015-08-24 10:27 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-17 09:29 . 2015-08-17 09:32 -------- d-----w- c:\programdata\RogueKiller
2015-08-17 09:18 . 2015-08-17 09:18 79064 ----a-w- c:\windows\system32\drivers\kbkhww.sys
2015-08-13 16:31 . 2015-08-13 16:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\offreg.4668.dll
2015-08-13 16:22 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\mpengine.dll
2015-08-09 13:10 . 2015-08-09 13:10 -------- d-----w- c:\users\Liba\AppData\Local\ACD Systems
2015-08-04 10:08 . 2015-08-17 08:34 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-04 10:08 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-04 10:08 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-04 10:08 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-04 10:08 . 2015-08-04 10:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-04 08:16 . 2015-08-24 08:12 -------- d-----w- c:\users\Liba\AppData\Local\CrashDumps
2015-08-04 07:55 . 2015-08-04 07:55 -------- d-----w- c:\users\Liba\AppData\Local\Adobe
2015-08-04 06:51 . 2015-08-04 06:51 -------- d-----w- c:\users\Liba\AppData\Local\Broadcom
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\cs
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\en
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\sk
2015-07-30 09:38 . 2015-07-30 09:38 -------- d-----w- c:\program files\Windows Live
2015-07-30 09:38 . 2015-07-30 09:40 -------- d-----w- c:\program files (x86)\Windows Live
2015-07-30 09:38 . 2015-07-30 09:38 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----r- c:\users\Liba\OneDrive
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-07-30 08:51 . 2015-07-30 08:51 -------- d-----w- c:\users\Liba\AppData\Roaming\AVG
2015-07-30 08:51 . 2015-07-30 08:51 -------- d-----w- c:\program files (x86)\AVG
2015-07-30 08:50 . 2015-07-30 08:50 -------- d--h--w- c:\programdata\Common Files
2015-07-30 08:50 . 2015-07-30 08:52 -------- d-----w- c:\programdata\AVG
2015-07-30 08:46 . 2015-07-30 08:46 0 ----a-w- c:\windows\prleth.sys
2015-07-30 08:46 . 2015-07-30 08:46 0 ----a-w- c:\windows\hgfs.sys
2015-07-30 08:43 . 2015-07-30 08:43 -------- d-----w- c:\users\Liba\AppData\Local\Windows Live
2015-07-30 08:43 . 2015-07-30 08:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2015-07-30 08:12 . 2015-07-30 08:45 -------- d-----w- c:\users\Liba\AppData\Roaming\avidemux
2015-07-30 08:01 . 2015-07-30 08:04 -------- d-----w- c:\users\Liba\AppData\Roaming\Machete Lite
2015-07-27 15:40 . 2015-07-27 15:40 -------- d-----w- c:\program files (x86)\CCleaner
2015-07-26 17:07 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2015-07-26 17:07 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-26 17:07 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2015-07-26 17:07 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-26 17:07 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2015-07-26 17:07 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2015-07-26 17:07 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2015-07-26 17:07 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-07-26 17:07 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2015-07-26 17:07 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-07-26 17:06 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-26 17:06 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-07-26 17:06 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-07-26 17:06 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-18 10:13 . 2015-07-22 13:51 1048344 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-08-18 10:12 . 2015-07-22 13:51 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-18 10:12 . 2015-07-22 13:51 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-18 10:12 . 2015-07-22 13:51 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-18 10:12 . 2015-07-22 13:51 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-18 10:12 . 2015-07-22 13:51 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-18 10:12 . 2015-07-22 13:51 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-18 10:12 . 2015-07-22 13:51 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-18 10:12 . 2015-07-22 13:51 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-08-12 17:17 . 2012-11-03 18:58 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 17:17 . 2012-11-03 18:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-21 14:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-07-21 14:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-07-20 19:39 . 2015-07-20 19:39 52320 ----a-w- c:\windows\system32\drivers\56848928.sys
2015-07-03 06:43 . 2011-10-22 10:51 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-23 11:30 . 2011-12-14 16:03 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-22 13:19 . 2015-06-22 13:19 404624 ----a-w- c:\windows\cadkasdeinst01e_64.exe
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-18 6109776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 yxdkklix;yxdkklix;c:\windows\system32\drivers\yxdkklix.sys;c:\windows\SYSNATIVE\drivers\yxdkklix.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz134;cpuz134;c:\users\Liba\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Liba\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-23 10:57 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 17:17]
.
2015-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 17:48]
.
2015-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-18 10:12 778056 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.192.60.6 213.192.60.5 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-10633755.sys
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-Wandoujia2 - c:\program files (x86)\WandouLabs\Uninst.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-{0CE226F3-EB27-4ECD-BBF5-F088716779FD} - c:\program files (x86)\InstallShield Installation Information\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}\setup.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
AddRemove-{8991E763-21F5-4DEA-A938-5D9D77DCB488} - c:\program files (x86)\InstallShield Installation Information\{8991E763-21F5-4DEA-A938-5D9D77DCB488}\setup.exe
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
AddRemove-{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332} - c:\program files (x86)\InstallShield Installation Information\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0332}\setup.exe
AddRemove-{DFB19121-0609-49C1-92B1-546E5A940FE8} - c:\program files (x86)\InstallShield Installation Information\{DFB19121-0609-49C1-92B1-546E5A940FE8}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001_Classes\Wow6432Node\CLSID\{480dc0dd-3419-48ee-b63d-049bb1d65ad9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b8
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,63,5c,b2,5e,2a,c6,21,1c,b0,60,ad,fc,e8,66,7e,71,7b,c8,57,bd,ac,5a,\
.
[HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):cd,85,01,e1,c2,f6,f9,99,2a,77,89,3f,e0,91,ef,d3,a2,77,10,00,b8,
d5,f4,b4,7e,01,31,bc,9d,c6,2a,b2,7b,4f,0d,7f,32,5f,98,93,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-24 14:37:04
ComboFix-quarantined-files.txt 2015-08-24 12:37
.
Před spuštěním: Volných bajtů: 241 300 013 056
Po spuštění: Volných bajtů: 241 165 045 760
.
- - End Of File - - BB1C4D4ACFCADA73061986A296C77837

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around =o)
Gender: Male
Status: Offline

Re: please check my log

Post by Orcus » 25 Aug 2015 15:45

Run ComboFix with the script once more, but in Safe Mode, because the script did not execute. And also turn off that Avast, which you did not turn off the first time either.

"AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}"
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If it is too long, split it into several posts.

A few tips on PC security.

During my absence, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

lara
newcomer
Posts: 18
Registered: May 08
Gender: Not specified
Status: Offline

Re: please check my log

Post by lara » 25 Aug 2015 17:08

ComboFix 15-08-24.01 - Liba 25.08.2015 16:49:07.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2935.1686 [GMT 2:00]
Spuštěný z: c:\users\Liba\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Liba\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\hgfs.sys"
"c:\windows\prleth.sys"
"c:\windows\system32\drivers\56848928.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.28.1\goopdate.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.157\44.0.2403.157_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.5.1557\GoogleEarth-Win-Bundle-7.1.5.1557.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{0635ACFE-7FA6-45DC-B1B9-95831C244FED}\44.0.2403.107_chrome_installer.exe
c:\program files (x86)\Google\Update\Install\{06546712-7ADC-4CCD-8405-0BC9F33BCD35}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{08ED1E07-B31E-4FC9-85AC-94FF847C4630}\GoogleEarth-Win-Bundle-7.1.5.1557.exe
c:\program files (x86)\Google\Update\Install\{2245D288-2AC2-45DF-89A3-50C8F6D81953}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{29E130E9-1166-44F7-B33F-411A527EC2DC}\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{5B206641-8806-4C69-ADC6-F0234C109462}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{7F395181-D23D-4A5A-96D4-C9507B6ACE26}\44.0.2403.155_44.0.2403.130_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{908298B3-0897-4F28-956D-6D7503400E3F}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{EC04B372-0758-4A80-8320-E9325F7FB647}\GoogleUpdateSetup.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\AVG
c:\programdata\AVG\AWL\AvgRep.xml
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\programdata\AVG\AWL2015\TTUSvc.tt
c:\programdata\AVG\AWL2015\TUProgRating.10.tudb
c:\programdata\AVG\AWL2015\TUReportData.10.tudb
c:\users\Liba\AppData\Roaming\AVG
c:\users\Liba\AppData\Roaming\AVG\AWL2015\Backups\00000001.rcb
c:\users\Liba\AppData\Roaming\AVG\AWL2015\Dashboard\IntegratorStates_cs-CZ.xml
c:\windows\hgfs.sys
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\prleth.sys
c:\windows\system32\drivers\56848928.sys
c:\windows\SysWow64\AdobePDF.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ134
-------\Service_cpuz134
-------\Service_SkypeUpdate
-------\Service_yxdkklix
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-25 do 2015-08-25 )))))))))))))))))))))))))))))))
.
.
2015-08-25 14:56 . 2015-08-25 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-25 12:38 . 2015-08-18 10:12 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-24 12:04 . 2015-08-24 11:09 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-24 12:04 . 2015-08-25 14:56 -------- d-----w- c:\users\Liba\AppData\Local\Temp
2015-08-21 09:15 . 2015-08-21 09:15 -------- d-----w- c:\users\Liba\AppData\Local\fontconfig
2015-08-21 09:11 . 2015-08-21 09:11 -------- d-----w- c:\users\Liba\AppData\Roaming\inkscape
2015-08-18 10:12 . 2015-08-18 10:12 43112 ----a-w- c:\windows\avastSS.scr
2015-08-17 09:30 . 2015-08-24 10:27 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-17 09:29 . 2015-08-17 09:32 -------- d-----w- c:\programdata\RogueKiller
2015-08-17 09:18 . 2015-08-17 09:18 79064 ----a-w- c:\windows\system32\drivers\kbkhww.sys
2015-08-09 13:10 . 2015-08-09 13:10 -------- d-----w- c:\users\Liba\AppData\Local\ACD Systems
2015-08-04 10:08 . 2015-08-17 08:34 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-04 10:08 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-04 10:08 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-04 10:08 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-04 10:08 . 2015-08-04 10:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-04 08:16 . 2015-08-25 13:48 -------- d-----w- c:\users\Liba\AppData\Local\CrashDumps
2015-08-04 07:55 . 2015-08-04 07:55 -------- d-----w- c:\users\Liba\AppData\Local\Adobe
2015-08-04 06:51 . 2015-08-04 06:51 -------- d-----w- c:\users\Liba\AppData\Local\Broadcom
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\cs
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\en
2015-07-30 09:41 . 2015-07-30 09:41 -------- d-----w- c:\windows\sk
2015-07-30 09:38 . 2015-07-30 09:38 -------- d-----w- c:\program files\Windows Live
2015-07-30 09:38 . 2015-07-30 09:40 -------- d-----w- c:\program files (x86)\Windows Live
2015-07-30 09:38 . 2015-07-30 09:38 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----r- c:\users\Liba\OneDrive
2015-07-30 09:32 . 2015-07-30 09:32 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-07-30 08:50 . 2015-07-30 08:50 -------- d--h--w- c:\programdata\Common Files
2015-07-30 08:43 . 2015-07-30 08:43 -------- d-----w- c:\users\Liba\AppData\Local\Windows Live
2015-07-30 08:43 . 2015-07-30 08:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2015-07-30 08:12 . 2015-07-30 08:45 -------- d-----w- c:\users\Liba\AppData\Roaming\avidemux
2015-07-30 08:01 . 2015-07-30 08:04 -------- d-----w- c:\users\Liba\AppData\Roaming\Machete Lite
2015-07-27 15:40 . 2015-07-27 15:40 -------- d-----w- c:\program files (x86)\CCleaner
2015-07-26 17:07 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2015-07-26 17:07 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-26 17:07 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2015-07-26 17:07 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-26 17:07 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2015-07-26 17:07 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2015-07-26 17:07 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2015-07-26 17:07 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-07-26 17:07 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2015-07-26 17:07 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-07-26 17:06 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-26 17:06 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-07-26 17:06 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-07-26 17:06 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-25 13:00 . 2015-08-25 13:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\offreg.3044.dll
2015-08-21 09:13 . 2015-08-21 09:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\offreg.2688.dll
2015-08-18 10:13 . 2015-07-22 13:51 1048344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-18 10:12 . 2015-07-22 13:51 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-18 10:12 . 2015-07-22 13:51 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-18 10:12 . 2015-07-22 13:51 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-18 10:12 . 2015-07-22 13:51 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-18 10:12 . 2015-07-22 13:51 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-18 10:12 . 2015-07-22 13:51 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-18 10:12 . 2015-07-22 13:51 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-13 16:31 . 2015-08-13 16:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\offreg.4668.dll
2015-08-12 17:17 . 2012-11-03 18:58 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 17:17 . 2012-11-03 18:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-21 14:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-07-21 14:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-07-15 01:12 . 2015-08-13 16:22 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14359992-3011-4771-8AF6-0780E5B321E3}\mpengine.dll
2015-07-03 06:43 . 2011-10-22 10:51 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-23 11:30 . 2011-12-14 16:03 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-22 13:19 . 2015-06-22 13:19 404624 ----a-w- c:\windows\cadkasdeinst01e_64.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-30 09:32 223432 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-18 6109776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-23 10:57 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 17:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-30 09:32 262344 ----a-w- c:\users\Liba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-18 10:12 778056 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.192.60.6 213.192.60.5 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-Wandoujia2 - c:\program files (x86)\WandouLabs\Uninst.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-{0CE226F3-EB27-4ECD-BBF5-F088716779FD} - c:\program files (x86)\InstallShield Installation Information\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}\setup.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
AddRemove-{8991E763-21F5-4DEA-A938-5D9D77DCB488} - c:\program files (x86)\InstallShield Installation Information\{8991E763-21F5-4DEA-A938-5D9D77DCB488}\setup.exe
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
AddRemove-{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332} - c:\program files (x86)\InstallShield Installation Information\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0332}\setup.exe
AddRemove-{DFB19121-0609-49C1-92B1-546E5A940FE8} - c:\program files (x86)\InstallShield Installation Information\{DFB19121-0609-49C1-92B1-546E5A940FE8}\setup.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-08-25 17:04:38 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-25 15:04
ComboFix2.txt 2015-08-24 12:37
.
Pre-Run: 241 631 789 056 bytes free
Post-Run: 241 403 039 744 bytes free
.
- - End Of File - - 5DFD5AF354C709D1A665E861DD43E258

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check my log

Post by jaro3 » 25 Aug 2015 17:23

c:\windows\system32\drivers\kbkhww.sys, where is that file on VT?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

lara
newbie
Posts: 18
Registered: May 08
Gender: Unspecified

Re: please check my log

Post by lara » 25 Aug 2015 17:43

Well, I don't know. I don't understand this at all.

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male

Re: please check my log

Post by jerabina » 25 Aug 2015 18:31

At which step did you get stuck?

Please proceed as follows:
1) Open the folder c:\windows\system32\drivers\
2) Find the file kbkhww.sys and copy it to the desktop
3) Open the page http://www.virustotal.com
4) Click the Choose File button
5) In the side panel click the Desktop button, find and click the file kbkhww.sys, then click Open
6) Click the Scan it! button
7) The file will be uploaded, please be patient. If it tells you the file has already been analysed (File already analysed), click Reanalyse
8) The file is then analysed. When the analysis finishes, copy the URL of that page and paste the link here.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply in your threads in the HJT section while I am online, it is only because I am on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.
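The same check can be done without the browser, and without uploading the file first. The Python below is an added example (not the forum's or any poster's code): it hashes the suspect driver with SHA-256 and builds the VirusTotal link for that hash, so the existing report can be looked up and the link pasted here; uploading, as in the steps above, is only needed when no report exists. It assumes the current VirusTotal GUI URL form https://www.virustotal.com/gui/file/<sha256>, and that a 32-bit Python running under 64-bit Windows sees the PROCESSOR_ARCHITEW6432 environment variable. That second assumption matters because a 32-bit process opening C:\Windows\System32 is silently redirected to SysWOW64, which is one way a driver that is really there can look "not found"; the Sysnative alias bypasses the redirection. Run it as `python vt_hash.py c:\windows\system32\drivers\kbkhww.sys`; with no argument it demonstrates on a constructed temporary file.

```python
"""Hash a suspect file and build the VirusTotal lookup URL for its SHA-256.

Added example, not code from the forum thread.  Assumptions: the VirusTotal
web UI's per-file URL is https://www.virustotal.com/gui/file/<sha256>, and
32-bit processes under WOW64 see the PROCESSOR_ARCHITEW6432 variable.
"""
import hashlib
import os
import tempfile

VT_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"
WOW64_MARKER = "PROCESSOR_ARCHITEW6432"   # present only in 32-bit processes on x64
SYSTEM32 = "\\windows\\system32\\"


def sysnative_path(path, environ=None):
    """Map a System32 path to the Sysnative alias when running as 32-bit on x64.

    Under WOW64, file-system redirection points C:\\Windows\\System32 at
    C:\\Windows\\SysWOW64, so a 32-bit tool reports a 64-bit-only driver as
    missing.  `environ` is injectable so the mapping can be tested anywhere.
    """
    env = os.environ if environ is None else environ
    if WOW64_MARKER not in env:
        return path
    idx = path.lower().find(SYSTEM32)
    if idx == -1:
        return path
    return path[:idx] + "\\Windows\\Sysnative\\" + path[idx + len(SYSTEM32):]


def sha256_of_file(path, chunk_size=1 << 20):
    """Return the lowercase hex SHA-256 of `path`, streaming it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def virustotal_url_for(path, environ=None):
    """Return (sha256, url) for the file, or (None, None) if it cannot be found."""
    real = sysnative_path(path, environ)
    if not os.path.isfile(real):
        return None, None
    digest = sha256_of_file(real)
    return digest, VT_FILE_URL.format(sha256=digest)


def write_sample_file(data):
    """Write constructed bytes to a temporary file and return its path (caller deletes)."""
    fd, name = tempfile.mkstemp(suffix=".sys")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return name


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        target, cleanup = sys.argv[1], False
    else:
        target, cleanup = write_sample_file(b"abc"), True   # constructed demo input
    try:
        digest, url = virustotal_url_for(target)
        if digest is None:
            print("file not found: " + target)
        else:
            print(digest)
            print(url)
    finally:
        if cleanup:
            os.remove(target)
```

An absent report for the hash only means nobody has uploaded that exact file yet, not that it is clean; that is the case in which the upload steps above are the next move.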

lara
newbie
Posts: 18
Registered: May 08
Gender: Unspecified

Re: please check my log

Post by lara » 26 Aug 2015 09:16


jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check my log

Post by jaro3 » 26 Aug 2015 15:34

ComboFix is uninstalled like this:
Start - Run and type ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Post a new HJT log + report any problems.

lara
newbie
Posts: 18
Registered: May 08
Gender: Unspecified

Re: please check my log

Post by lara » 26 Aug 2015 19:31

I didn't find the ComboFix uninstall.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:30:12, on 26.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Liba\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9239 bytes
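The log above ends with a long run of O23 service lines marked "(file missing)". As an added example (not part of the thread or of HijackThis), the Python below parses O23 lines in the layout this log uses and sorts the "missing" entries into two groups: image paths under C:\Windows\System32 reported missing, which is what the 32-bit HijackThis 2.0.4 produces on 64-bit Windows because file-system redirection sends it to SysWOW64 (lsass.exe, alg.exe and the other System32 services above are the usual cases), and any other missing path, which still has to be verified by hand. The only assumption is the O23 layout stated in the docstring; the sample lines are copied from the log above.

```python
"""Parse the O23 (service) lines of a HijackThis 2.0.4 log and triage "(file missing)".

Added example; not part of the forum thread or of HijackThis.  Assumed O23 layout,
as seen in the log above:

    O23 - Service: <display> (<name>) - <company> - <path> [(file missing)]

"(<name>)" may be absent, and the display text may itself contain parentheses
and commas, so the pattern is lazy on the display and anchored on " - ".
"""
import re
from collections import defaultdict

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"     # display name (lazy)
    r"(?: \((?P<name>[^()]+)\))? - "        # optional "(ServiceName)"
    r"(?P<company>.+?) - "                  # signer, or "Unknown owner"
    r"(?P<path>.+?)"                        # image path
    r"(?P<missing> \(file missing\))?$"     # HJT's missing-file flag
)

# Subset of O23 lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
"""


def parse_o23(line):
    """Return a dict for one O23 line, or None when the line is not an O23 entry."""
    m = O23_RE.match(line.rstrip())
    if not m:
        return None
    return {
        "name": m.group("name") or m.group("display"),  # fall back to display name
        "display": m.group("display"),
        "company": m.group("company"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def parse_log(text):
    """Parse every O23 line in a HijackThis log; all other line types are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_o23(line)
        if entry:
            entries.append(entry)
    return entries


def services_by_path(entries):
    """Group service names by case-folded image path (lsass.exe hosts several)."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["path"].lower()].append(e["name"])
    return {path: sorted(names) for path, names in groups.items()}


def likely_redirection_artifact(entry):
    """True when "(file missing)" is best explained by WOW64 redirection.

    HijackThis 2.0.4 is 32-bit; on 64-bit Windows its view of C:\\Windows\\System32
    is redirected to SysWOW64, so 64-bit-only binaries such as lsass.exe or
    alg.exe are reported missing although they are present.
    """
    return entry["missing"] and "\\windows\\system32\\" in entry["path"].lower()


def triage(entries):
    """Split names into (redirection_suspects, verify_by_hand, present)."""
    redirected, verify, present = [], [], []
    for e in entries:
        if not e["missing"]:
            present.append(e["name"])
        elif likely_redirection_artifact(e):
            redirected.append(e["name"])
        else:
            verify.append(e["name"])
    return redirected, verify, present


if __name__ == "__main__":
    red, ver, ok = triage(parse_log(SAMPLE_LOG))
    print("System32 'missing' (WOW64 redirection, confirm via Sysnative):", red)
    print("missing elsewhere (verify by hand):", ver)
    print("present:", ok)
```

Confirming the first group is a matter of opening the path with C:\Windows\Sysnative substituted for C:\Windows\System32 from a 32-bit tool, or simply from a 64-bit shell; only the second group needs further work.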

