Logfile of HijackThis v1.99.1
Scan saved at 10:11:07, on 11.9.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Running processes:
C:\Program Files\Hide Folders 2012\hf.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Mirajs\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\csy.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\Resources\csy.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.1 ... rol_32.CAB
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 9224101338
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing)
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Bluetooth Device Manager - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Low Energy Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\LEsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: FSPro Filter Service 2 (fsproflt2) - FSPro Labs - C:\Windows\SysWOW64\fsproflt2.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
Prosím o kontrolu logu (preventivní) Vyřešeno
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu (preventivní)
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Prosím o kontrolu logu (preventivní)
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 11.9.2014
Čas skenování: 11:24:36
Protokol: malwarebytes.txt
Správce: Ano
Verze: 2.00.2.1012
Databáze malwaru: v2014.09.11.01
Databáze rootkitů: v2014.09.10.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Self-protection: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Mirajs
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 309112
Uplynulý čas: 13 min, 41 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(No malicious items detected)
Moduly: 0
(No malicious items detected)
Klíče registru: 0
(No malicious items detected)
Hodnoty registru: 0
(No malicious items detected)
Data registru: 0
(No malicious items detected)
Složky: 0
(No malicious items detected)
Soubory: 1
RiskWare.Tool.CK, C:\Program Files (x86)\Internet Download Manager\(IDM) Keygen + Patch Update 1 -UnREaL.exe, , [f9648a624a317eb8f4e80afcbd48f808],
Fyzické sektory: 0
(No malicious items detected)
(end)
# AdwCleaner v3.309 - Report created 11/09/2014 at 11:44:57
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Mirajs - MIRAJS-PC
# Running from : C:\Users\Mirajs\Desktop\adwcleaner_3.309.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
*************************
AdwCleaner[R0].txt - [540 octets] - [11/09/2014 11:44:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [599 octets] ##########
www.malwarebytes.org
Datum skenování: 11.9.2014
Čas skenování: 11:24:36
Protokol: malwarebytes.txt
Správce: Ano
Verze: 2.00.2.1012
Databáze malwaru: v2014.09.11.01
Databáze rootkitů: v2014.09.10.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Self-protection: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Mirajs
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 309112
Uplynulý čas: 13 min, 41 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(No malicious items detected)
Moduly: 0
(No malicious items detected)
Klíče registru: 0
(No malicious items detected)
Hodnoty registru: 0
(No malicious items detected)
Data registru: 0
(No malicious items detected)
Složky: 0
(No malicious items detected)
Soubory: 1
RiskWare.Tool.CK, C:\Program Files (x86)\Internet Download Manager\(IDM) Keygen + Patch Update 1 -UnREaL.exe, , [f9648a624a317eb8f4e80afcbd48f808],
Fyzické sektory: 0
(No malicious items detected)
(end)
# AdwCleaner v3.309 - Report created 11/09/2014 at 11:44:57
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Mirajs - MIRAJS-PC
# Running from : C:\Users\Mirajs\Desktop\adwcleaner_3.309.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
*************************
AdwCleaner[R0].txt - [540 octets] - [11/09/2014 11:44:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [599 octets] ##########
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu (preventivní)
Zatím to vypadá OK
Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Stáhni si Junkware Removal Tool
na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Stáhni si Junkware Removal Tool
na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Prosím o kontrolu logu (preventivní)
RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mirajs [Práva správce]
Mód : Kontrola -- Datum : 09/11/2014 12:34:43
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 26 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NALEZENO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.HomePage] (X64) HKEY_USERS\RK_Mirajs_ON_D_520F\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
[PUM.HomePage] (X86) HKEY_USERS\RK_Mirajs_ON_D_520F\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> NALEZENO
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 23 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x248c2c0
[EAT:Addr] (explorer.exe) csy.dll - AddProxW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11538e50
[EAT:Addr] (explorer.exe) csy.dll - DllCanUnloadNow : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc200
[EAT:Addr] (explorer.exe) csy.dll - DllGetClassObject : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc250
[EAT:Addr] (explorer.exe) csy.dll - DllMain : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc230
[EAT:Addr] (explorer.exe) csy.dll - DllRegisterServer : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc270
[EAT:Addr] (explorer.exe) csy.dll - DllUnregisterServer : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc360
[EAT:Addr] (explorer.exe) csy.dll - HideComputerBluetoothIconW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11539450
[EAT:Addr] (explorer.exe) csy.dll - OpenMyBluetoothW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537dc0
[EAT:Addr] (explorer.exe) csy.dll - SendToW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11538ef0
[EAT:Addr] (explorer.exe) csy.dll - ShowComputerBluetoothIconW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11538f90
[EAT:Addr] (explorer.exe) csy.dll - StopTrayAppW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537e60
[EAT:Addr] (explorer.exe) csy.dll - TrayAppW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x115382e0
[EAT:Addr] (explorer.exe) csy.dll - VdpPlayW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537f50
[EAT:Addr] (explorer.exe) csy.dll - VdpSinkConnectW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11539c30
[EAT:Addr] (explorer.exe) csy.dll - VdpSinkDisconnectW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x115380d0
[EAT:Addr] (explorer.exe) csy.dll - VdpStreamW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537ea0
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2eb9e4f7100988c56cd20802fceafc64
[BSP] 7f61ba03981a08fe027a3a9b58907aa1 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102629 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210186240 | Size: 202614 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Mirajs on źt 11.09.2014 at 12:38:03,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{50266B1D-7AD2-49F4-BC3C-09FA27C78237}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 11.09.2014 at 12:46:12,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mirajs [Práva správce]
Mód : Kontrola -- Datum : 09/11/2014 12:34:43
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 26 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_494A\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NALEZENO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7AC1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.HomePage] (X64) HKEY_USERS\RK_Mirajs_ON_D_520F\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
[PUM.HomePage] (X86) HKEY_USERS\RK_Mirajs_ON_D_520F\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO
¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> NALEZENO
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 23 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x248c2c0
[EAT:Addr] (explorer.exe) csy.dll - AddProxW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11538e50
[EAT:Addr] (explorer.exe) csy.dll - DllCanUnloadNow : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc200
[EAT:Addr] (explorer.exe) csy.dll - DllGetClassObject : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc250
[EAT:Addr] (explorer.exe) csy.dll - DllMain : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc230
[EAT:Addr] (explorer.exe) csy.dll - DllRegisterServer : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc270
[EAT:Addr] (explorer.exe) csy.dll - DllUnregisterServer : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x114dc360
[EAT:Addr] (explorer.exe) csy.dll - HideComputerBluetoothIconW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11539450
[EAT:Addr] (explorer.exe) csy.dll - OpenMyBluetoothW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537dc0
[EAT:Addr] (explorer.exe) csy.dll - SendToW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11538ef0
[EAT:Addr] (explorer.exe) csy.dll - ShowComputerBluetoothIconW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11538f90
[EAT:Addr] (explorer.exe) csy.dll - StopTrayAppW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537e60
[EAT:Addr] (explorer.exe) csy.dll - TrayAppW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x115382e0
[EAT:Addr] (explorer.exe) csy.dll - VdpPlayW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537f50
[EAT:Addr] (explorer.exe) csy.dll - VdpSinkConnectW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11539c30
[EAT:Addr] (explorer.exe) csy.dll - VdpSinkDisconnectW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x115380d0
[EAT:Addr] (explorer.exe) csy.dll - VdpStreamW : C:\Program Files\Motorola\Bluetooth\btmshell.dll @ 0x11537ea0
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2eb9e4f7100988c56cd20802fceafc64
[BSP] 7f61ba03981a08fe027a3a9b58907aa1 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102629 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210186240 | Size: 202614 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Mirajs on źt 11.09.2014 at 12:38:03,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{50266B1D-7AD2-49F4-BC3C-09FA27C78237}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 11.09.2014 at 12:46:12,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu (preventivní)
Ten internet download manager odinstaluj. To jsem přehlídl. Je to k ničemu, když to crackneš...
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Prosím o kontrolu logu (preventivní)
RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mirajs [Práva správce]
Mód : Odebrat -- Datum : 09/11/2014 14:05:27
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 30 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NEVYBRÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NEVYBRÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NEVYBRÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NEVYBRÁNO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NEVYBRÁNO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.HomePage] (X64) HKEY_USERS\RK_Mirajs_ON_D_DC04\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
[PUM.HomePage] (X86) HKEY_USERS\RK_Mirajs_ON_D_DC04\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> VYMAZÁNO
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 9 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x248b2c0
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom1 (\SystemRoot\system32\drivers\ndis.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\drivers\ndis.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2eb9e4f7100988c56cd20802fceafc64
[BSP] 7f61ba03981a08fe027a3a9b58907aa1 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102629 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210186240 | Size: 202614 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_09112014_123443.log - RKreport_SCN_09112014_140315.log
Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Mirajs on źt 11.09.2014 at 14:07:25,24.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mirajs\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11.9.2014 14:08:24 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\EPSON deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Mirajs\AppData\Roaming\Godlike\wtpro" deleted
"C:\Users\Mirajs\AppData\Roaming\DMCache" deleted
"C:\Users\Mirajs\AppData\Roaming\Godlike" deleted
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{50266B1D-7AD2-49F4-BC3C-09FA27C78237}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50266B1D-7AD2-49F4-BC3C-09FA27C78237}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{5C95AE98-3B05-4496-B09D-76EE3B57EEB8} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_5"
{657DA85E-8F89-4392-BAF4-67AFFF61F290} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_5"
{C1B82589-8E39-4923-90BC-A56B6B6F76D3} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_5"
{CE3620A1-CD23-479E-A39D-32593A371223} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{ECAA9FFF-BCF4-42B9-931A-033A3C6DC2BE} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_5"
{F48BE30F-A91B-4442-AA2F-E27EFDC22F66} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_5"
{FC1BF29F-C866-4DA1-ABD6-CA7B53CCCFE8} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_5"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6 folders=5 199637 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mirajs\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Mirajs\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on źt 11.09.2014 at 14:25:43,75 ======================
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mirajs [Práva správce]
Mód : Odebrat -- Datum : 09/11/2014 14:05:27
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 30 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_D713\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NEVYBRÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NEVYBRÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NEVYBRÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NEVYBRÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NEVYBRÁNO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NEVYBRÁNO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_B942\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.HomePage] (X64) HKEY_USERS\RK_Mirajs_ON_D_DC04\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
[PUM.HomePage] (X86) HKEY_USERS\RK_Mirajs_ON_D_DC04\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NEVYBRÁNO
¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> VYMAZÁNO
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 9 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x248b2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x248b2c0
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom1 (\SystemRoot\system32\drivers\ndis.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\drivers\ndis.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2eb9e4f7100988c56cd20802fceafc64
[BSP] 7f61ba03981a08fe027a3a9b58907aa1 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102629 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210186240 | Size: 202614 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_09112014_123443.log - RKreport_SCN_09112014_140315.log
Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Mirajs on źt 11.09.2014 at 14:07:25,24.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mirajs\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11.9.2014 14:08:24 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F385C231-605B-4D8F-ACA9-DBFF765BBE17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\EPSON deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Mirajs\AppData\Roaming\Godlike\wtpro" deleted
"C:\Users\Mirajs\AppData\Roaming\DMCache" deleted
"C:\Users\Mirajs\AppData\Roaming\Godlike" deleted
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{50266B1D-7AD2-49F4-BC3C-09FA27C78237}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50266B1D-7AD2-49F4-BC3C-09FA27C78237}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{5C95AE98-3B05-4496-B09D-76EE3B57EEB8} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_5"
{657DA85E-8F89-4392-BAF4-67AFFF61F290} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_5"
{C1B82589-8E39-4923-90BC-A56B6B6F76D3} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_5"
{CE3620A1-CD23-479E-A39D-32593A371223} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{ECAA9FFF-BCF4-42B9-931A-033A3C6DC2BE} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_5"
{F48BE30F-A91B-4442-AA2F-E27EFDC22F66} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_5"
{FC1BF29F-C866-4DA1-ABD6-CA7B53CCCFE8} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_5"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6 folders=5 199637 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mirajs\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Mirajs\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on źt 11.09.2014 at 14:25:43,75 ======================
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu (preventivní)
V Rogue jsi sice dal režim Odebrat, ale nic k odstranění jsi nevybral, takže znovu a vyber všechny nabízené položky...
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Prosím o kontrolu logu (preventivní)
RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mirajs [Práva správce]
Mód : Odebrat -- Datum : 09/11/2014 16:09:42
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 30 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NAHRAZENO (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NAHRAZENO (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.HomePage] (X64) HKEY_USERS\RK_Mirajs_ON_D_34BE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Mirajs_ON_D_34BE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> VYMAZÁNO
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> VYMAZÁNO
¤¤¤ Antirootkit : 13 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x248c2c0
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom1 (\SystemRoot\System32\drivers\fwpkclnt.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\fwpkclnt.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2eb9e4f7100988c56cd20802fceafc64
[BSP] 7f61ba03981a08fe027a3a9b58907aa1 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102629 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210186240 | Size: 202614 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_09112014_140526.log - RKreport_SCN_09112014_123443.log - RKreport_SCN_09112014_140315.log - RKreport_SCN_09112014_160653.log
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mirajs [Práva správce]
Mód : Odebrat -- Datum : 09/11/2014 16:09:42
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 30 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B64B\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34BEE1DF-BC56-4EF0-BA82-B12A802FD6CE} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D11C9C4-A30D-42EF-8689-DD34CFECEE42} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NAHRAZENO ()
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NAHRAZENO (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> NAHRAZENO (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_386A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.HomePage] (X64) HKEY_USERS\RK_Mirajs_ON_D_34BE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Mirajs_ON_D_34BE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> VYMAZÁNO
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> VYMAZÁNO
¤¤¤ Antirootkit : 13 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x248c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x248c2c0
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom1 (\SystemRoot\System32\drivers\fwpkclnt.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\fwpkclnt.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2eb9e4f7100988c56cd20802fceafc64
[BSP] 7f61ba03981a08fe027a3a9b58907aa1 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102629 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210186240 | Size: 202614 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_09112014_140526.log - RKreport_SCN_09112014_123443.log - RKreport_SCN_09112014_140315.log - RKreport_SCN_09112014_160653.log
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu (preventivní)
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Prosím o kontrolu logu (preventivní)
ComboFix 14-09-11.01 - Mirajs 11.09.2014 17:36:54.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3071.1785 [GMT 2:00]
Spuštěný z: c:\users\Mirajs\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-11 do 2014-09-11 )))))))))))))))))))))))))))))))
.
.
2014-09-11 16:14 . 2014-09-11 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-11 12:21 . 2014-09-11 12:07 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-11 12:21 . 2014-09-11 16:14 -------- d-----w- c:\users\Mirajs\AppData\Local\Temp
2014-09-11 12:07 . 2014-09-11 12:18 -------- d-----w- C:\zoek_backup
2014-09-11 10:22 . 2014-09-11 10:22 -------- d-----w- c:\windows\ERUNT
2014-09-11 10:21 . 2014-09-11 13:57 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-11 10:21 . 2014-09-11 10:21 -------- d-----w- c:\programdata\RogueKiller
2014-09-11 09:20 . 2014-09-11 09:20 -------- d-----w- c:\programdata\Malwarebytes
2014-09-11 09:07 . 2014-09-11 09:07 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2014-09-11 09:07 . 2014-09-11 09:07 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2014-09-11 09:07 . 2014-09-11 09:07 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2014-09-11 09:07 . 2014-09-11 09:07 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2014-09-11 09:07 . 2014-09-11 09:07 -------- d-----w- c:\programdata\MicroWorld
2014-09-11 05:18 . 2014-09-11 05:27 -------- d-----w- c:\program files (x86)\Total PDF Converter
2014-09-11 05:08 . 2014-09-11 05:08 -------- d-----w- c:\users\Mirajs\AppData\Roaming\Softplicity
2014-09-10 04:27 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 04:27 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-09-10 04:26 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-09-10 04:26 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-09-10 04:26 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-09-10 04:26 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 04:26 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 04:25 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 04:25 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 04:25 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 04:25 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 04:25 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 04:25 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 04:25 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 04:25 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 04:25 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-09 16:01 . 2012-07-12 00:15 49512 ----a-w- c:\windows\SysWow64\fsproflt2.exe
2014-09-09 16:01 . 2011-06-03 21:59 57648 ----a-w- c:\windows\system32\drivers\FSPFltd2.sys
2014-09-09 16:01 . 2014-09-09 16:02 -------- d-----w- c:\program files\Hide Folders 2012
2014-09-03 13:58 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-09-03 13:30 . 2014-09-09 13:50 -------- d-----w- c:\program files (x86)\NewSoftware's
2014-09-03 13:21 . 2014-09-03 14:21 -------- d-----w- c:\program files (x86)\Folder Protect
2014-09-03 10:35 . 2014-09-03 15:06 225680 ----a-w- c:\windows\SysWow64\WinVDEdrv.sys
2014-09-03 09:13 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-03 09:13 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-03 09:13 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-03 09:06 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-09-03 09:06 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-09-03 09:06 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-09-03 09:06 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-09-03 09:06 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-09-03 09:06 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-09-03 09:06 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-09-03 09:06 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-09-03 09:06 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-09-03 09:06 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-09-03 09:05 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-09-03 09:05 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-09-03 09:05 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-09-03 09:05 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-23 01:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-23 01:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-23 01:02 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-23 01:02 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-23 01:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-23 01:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-23 01:02 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-23 01:02 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-22 15:01 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-22 15:01 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-22 15:01 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-22 15:01 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-22 15:01 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-22 15:01 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-22 15:01 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-22 15:01 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-22 15:01 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-22 15:01 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-22 15:01 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-22 14:56 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-22 14:56 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 09:42 . 2012-05-03 10:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 09:42 . 2012-05-03 10:31 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 04:27 . 2012-05-03 10:18 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-04 07:40 . 2014-04-23 09:12 2786424 ----a-w- c:\windows\system32\auto_reactivate.exe
2014-08-10 16:51 . 2014-08-10 16:51 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 08:40 . 2012-07-17 12:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-25 13:50 . 2014-07-28 13:23 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-10-30 15:24 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-07-28 13:23 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-10-30 15:24 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-02 20:48 . 2013-10-30 15:07 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2013-10-30 15:07 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2012-05-11 08:28 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2012-02-09 20:43 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 18:55 . 2012-05-11 08:30 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2012-05-11 08:30 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2012-05-11 08:30 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2012-05-11 08:30 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2012-05-11 08:30 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2012-05-11 08:30 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 10:14 . 2014-05-28 16:16 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-16 13:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-16 13:18 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-02-20 6161176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2537096]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 Bluetooth Low Energy Service;Bluetooth Low Energy Service;c:\program files\Motorola\Bluetooth\LEsrv.exe;c:\program files\Motorola\Bluetooth\LEsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 09:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-17 391144]
"EPSON Stylus DX3800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"EPSON Stylus DX3800 Series (kopie 2)"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP) - c:\program files (x86)\Adblock Pro\blockimg.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1 ... rol_32.CAB
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=c:\windows\SysWow64\WScript.exe "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WinFPdrv.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):49,39,f4,9a,b7,de,0d,a9,f7,22,72,90,1c,e5,fc,20,b8,e4,24,c8,e0,
fe,9f,29,45,1f,a2,60,19,a9,82,39,cf,c8,d2,cd,e5,9b,f3,13,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001_Classes\Wow6432Node\CLSID\{d712007d-5f5d-48c4-bb4f-671eea06ba41}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012d
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="204A3524417AF1DF2D8F8AEFCD13497C61EB49FD60C49A6560E86F99E2735ECD2369745D5B011B1C943F1DDEF22ECC1B8E4C8A64580230B115332A25674445BA759CE629AB8ABF58220939A6A5D0296DE9B1F8806B23E895FEFD8A4795D917B24501D5D07AE316917F130CE1392006933CEDC6DF9A4987EC9D62681A39EE49766F98DB220000690986E7172DF569266E7B33788FDAB8DE5DAA5BED3E14DE648A09C8E8ECEAF517C4CB772EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452A9C6AECB7A5D1407A2D97226D213B5558A479335C93E3D0588275E9A39B0A6F8DFDF8A67E56A52A226668DC71E007F5FFE99E3E096E6159D3085E0F106993A21C7EA7EC2570FF31F511E50E8E37D5BA69F33FCD0C26B5B5721FA45A62B1E8B69C64B2180DE408788F823E85F28F1EA7B231092066C994F9AC26EF8104705DF9E15F538E9BA617B2E4814168DEA8267D1451AFD15726E91A403390F973B4B63E0F150AFDFEC8F2437EC053BE6EF046C76C4B3BC27FA9E2683D12A3DBC2BA222261EB595D53B94389D9AFD5FF3BD81FA8666B170F9EA12F89CA404DC11806D11B7DF769D52B0F3D4AD08FB31D01FB9F7F6725D5B5F7063D5A5727A6CB9694705B000D41E719AE2F60BEE6E7E2D239EA98C3373E73BFB62EE2CB9390D73D6F93903CD0813E00CCA822A0F39BCCD1E573EE3F8252488C012580EF9DD050AFC07CAF1983999665BC9C055A9B4028BA63E466A1717BED2B7AB0D02B8F93E61D523BD18B70AF55721B0DAAA862C0B529761B46365638DBC1D19690D7E94C7EE9D37F661050D0F1FBC05E19B6FDFB7221084E36440160BFAEF7B2F0C572751BDD6DDC18E5CC76F3DCF01C8EC34058C0F739C0FDA863052D57425042FD4A0326BC66A4CB4A136C4C5419165BA274230C1E85555039BA7A32D351D70F90AE0642AF45F2ABB39C864DEBA5875701EB3EF76DA0DBDF06764E5EF7A1FE34391BF84C0AEF54FE10D5FC3C52A2A9751F3EA3AFD79D4AF8B56C32124D69C2D390687D60A069A97B689D37D474112CE7208E924BB37F5F60D569702E31FB603D80A743E73D06D429F226F50C6F6CC823DBCA9E4284C68C483DC24595B6AC57FF641B9477EA6C3EFD54C7221BD064CFD71F796D8D0335CACD360229C4B94561E3C547D9E42E5A528E4018FF435EAB5F09E260F00D3AAB3A7B25D3EE38B3DA6C2A270D996E92FCF552F3EEC78CE69E1EE2BB46AFDE6368591AB539BEC82C9AA31FB455CA4B267B2C46705A5F7BB86DE6F5195EC9A511D1AAC1E454D182FE20A926A8807E26F37F22A975CCA68438D6F4E1E40D4C1F06AF29A3BBBDDEA22F2A074E6F1CF0F050DE89B9C4DDC5F420C07C8F4AF518334ECC1E48CC1C78E00AB"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-09-11 18:16:40
ComboFix-quarantined-files.txt 2014-09-11 16:16
.
Před spuštěním: Volných bajtů: 51 850 096 640
Po spuštění: Volných bajtů: 51 673 030 656
.
- - End Of File - - 0AF5B761AEFE79019CA1FDA3BB17E88E
4C6D7894E1A2D44EF190C37E57729EA6
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3071.1785 [GMT 2:00]
Spuštěný z: c:\users\Mirajs\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-11 do 2014-09-11 )))))))))))))))))))))))))))))))
.
.
2014-09-11 16:14 . 2014-09-11 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-11 12:21 . 2014-09-11 12:07 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-11 12:21 . 2014-09-11 16:14 -------- d-----w- c:\users\Mirajs\AppData\Local\Temp
2014-09-11 12:07 . 2014-09-11 12:18 -------- d-----w- C:\zoek_backup
2014-09-11 10:22 . 2014-09-11 10:22 -------- d-----w- c:\windows\ERUNT
2014-09-11 10:21 . 2014-09-11 13:57 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-11 10:21 . 2014-09-11 10:21 -------- d-----w- c:\programdata\RogueKiller
2014-09-11 09:20 . 2014-09-11 09:20 -------- d-----w- c:\programdata\Malwarebytes
2014-09-11 09:07 . 2014-09-11 09:07 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2014-09-11 09:07 . 2014-09-11 09:07 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2014-09-11 09:07 . 2014-09-11 09:07 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2014-09-11 09:07 . 2014-09-11 09:07 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2014-09-11 09:07 . 2014-09-11 09:07 -------- d-----w- c:\programdata\MicroWorld
2014-09-11 05:18 . 2014-09-11 05:27 -------- d-----w- c:\program files (x86)\Total PDF Converter
2014-09-11 05:08 . 2014-09-11 05:08 -------- d-----w- c:\users\Mirajs\AppData\Roaming\Softplicity
2014-09-10 04:27 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 04:27 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-09-10 04:26 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-09-10 04:26 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-09-10 04:26 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-09-10 04:26 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-09-10 04:26 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 04:26 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 04:25 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 04:25 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 04:25 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 04:25 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 04:25 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 04:25 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 04:25 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 04:25 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 04:25 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-09 16:01 . 2012-07-12 00:15 49512 ----a-w- c:\windows\SysWow64\fsproflt2.exe
2014-09-09 16:01 . 2011-06-03 21:59 57648 ----a-w- c:\windows\system32\drivers\FSPFltd2.sys
2014-09-09 16:01 . 2014-09-09 16:02 -------- d-----w- c:\program files\Hide Folders 2012
2014-09-03 13:58 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-09-03 13:30 . 2014-09-09 13:50 -------- d-----w- c:\program files (x86)\NewSoftware's
2014-09-03 13:21 . 2014-09-03 14:21 -------- d-----w- c:\program files (x86)\Folder Protect
2014-09-03 10:35 . 2014-09-03 15:06 225680 ----a-w- c:\windows\SysWow64\WinVDEdrv.sys
2014-09-03 09:13 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-03 09:13 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-03 09:13 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-03 09:06 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-09-03 09:06 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-09-03 09:06 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-09-03 09:06 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-09-03 09:06 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-09-03 09:06 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-09-03 09:06 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-09-03 09:06 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-09-03 09:06 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-09-03 09:06 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-09-03 09:05 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-09-03 09:05 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-09-03 09:05 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-09-03 09:05 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-23 01:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-23 01:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-23 01:02 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-23 01:02 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-23 01:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-23 01:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-23 01:02 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-23 01:02 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-22 15:01 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-22 15:01 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-22 15:01 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-22 15:01 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-22 15:01 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-22 15:01 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-22 15:01 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-22 15:01 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-22 15:01 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-22 15:01 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-22 15:01 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-22 14:56 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-22 14:56 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 09:42 . 2012-05-03 10:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 09:42 . 2012-05-03 10:31 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 04:27 . 2012-05-03 10:18 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-04 07:40 . 2014-04-23 09:12 2786424 ----a-w- c:\windows\system32\auto_reactivate.exe
2014-08-10 16:51 . 2014-08-10 16:51 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 08:40 . 2012-07-17 12:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-25 13:50 . 2014-07-28 13:23 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-10-30 15:24 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-07-28 13:23 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-10-30 15:24 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-02 20:48 . 2013-10-30 15:07 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2013-10-30 15:07 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2012-05-11 08:28 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2012-02-09 20:43 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 18:55 . 2012-05-11 08:30 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2012-05-11 08:30 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2012-05-11 08:30 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2012-05-11 08:30 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2012-05-11 08:30 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2012-05-11 08:30 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 10:14 . 2014-05-28 16:16 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-16 13:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-16 13:18 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-02-20 6161176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2537096]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 Bluetooth Low Energy Service;Bluetooth Low Energy Service;c:\program files\Motorola\Bluetooth\LEsrv.exe;c:\program files\Motorola\Bluetooth\LEsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 09:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-17 391144]
"EPSON Stylus DX3800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"EPSON Stylus DX3800 Series (kopie 2)"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP) - c:\program files (x86)\Adblock Pro\blockimg.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1 ... rol_32.CAB
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=c:\windows\SysWow64\WScript.exe "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WinFPdrv.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):49,39,f4,9a,b7,de,0d,a9,f7,22,72,90,1c,e5,fc,20,b8,e4,24,c8,e0,
fe,9f,29,45,1f,a2,60,19,a9,82,39,cf,c8,d2,cd,e5,9b,f3,13,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4161170964-2679075385-4201197099-1001_Classes\Wow6432Node\CLSID\{d712007d-5f5d-48c4-bb4f-671eea06ba41}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012d
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="204A3524417AF1DF2D8F8AEFCD13497C61EB49FD60C49A6560E86F99E2735ECD2369745D5B011B1C943F1DDEF22ECC1B8E4C8A64580230B115332A25674445BA759CE629AB8ABF58220939A6A5D0296DE9B1F8806B23E895FEFD8A4795D917B24501D5D07AE316917F130CE1392006933CEDC6DF9A4987EC9D62681A39EE49766F98DB220000690986E7172DF569266E7B33788FDAB8DE5DAA5BED3E14DE648A09C8E8ECEAF517C4CB772EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452A9C6AECB7A5D1407A2D97226D213B5558A479335C93E3D0588275E9A39B0A6F8DFDF8A67E56A52A226668DC71E007F5FFE99E3E096E6159D3085E0F106993A21C7EA7EC2570FF31F511E50E8E37D5BA69F33FCD0C26B5B5721FA45A62B1E8B69C64B2180DE408788F823E85F28F1EA7B231092066C994F9AC26EF8104705DF9E15F538E9BA617B2E4814168DEA8267D1451AFD15726E91A403390F973B4B63E0F150AFDFEC8F2437EC053BE6EF046C76C4B3BC27FA9E2683D12A3DBC2BA222261EB595D53B94389D9AFD5FF3BD81FA8666B170F9EA12F89CA404DC11806D11B7DF769D52B0F3D4AD08FB31D01FB9F7F6725D5B5F7063D5A5727A6CB9694705B000D41E719AE2F60BEE6E7E2D239EA98C3373E73BFB62EE2CB9390D73D6F93903CD0813E00CCA822A0F39BCCD1E573EE3F8252488C012580EF9DD050AFC07CAF1983999665BC9C055A9B4028BA63E466A1717BED2B7AB0D02B8F93E61D523BD18B70AF55721B0DAAA862C0B529761B46365638DBC1D19690D7E94C7EE9D37F661050D0F1FBC05E19B6FDFB7221084E36440160BFAEF7B2F0C572751BDD6DDC18E5CC76F3DCF01C8EC34058C0F739C0FDA863052D57425042FD4A0326BC66A4CB4A136C4C5419165BA274230C1E85555039BA7A32D351D70F90AE0642AF45F2ABB39C864DEBA5875701EB3EF76DA0DBDF06764E5EF7A1FE34391BF84C0AEF54FE10D5FC3C52A2A9751F3EA3AFD79D4AF8B56C32124D69C2D390687D60A069A97B689D37D474112CE7208E924BB37F5F60D569702E31FB603D80A743E73D06D429F226F50C6F6CC823DBCA9E4284C68C483DC24595B6AC57FF641B9477EA6C3EFD54C7221BD064CFD71F796D8D0335CACD360229C4B94561E3C547D9E42E5A528E4018FF435EAB5F09E260F00D3AAB3A7B25D3EE38B3DA6C2A270D996E92FCF552F3EEC78CE69E1EE2BB46AFDE6368591AB539BEC82C9AA31FB455CA4B267B2C46705A5F7BB86DE6F5195EC9A511D1AAC1E454D182FE20A926A8807E26F37F22A975CCA68438D6F4E1E40D4C1F06AF29A3BBBDDEA22F2A074E6F1CF0F050DE89B9C4DDC5F420C07C8F4AF518334ECC1E48CC1C78E00AB"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-09-11 18:16:40
ComboFix-quarantined-files.txt 2014-09-11 16:16
.
Před spuštěním: Volných bajtů: 51 850 096 640
Po spuštění: Volných bajtů: 51 673 030 656
.
- - End Of File - - 0AF5B761AEFE79019CA1FDA3BB17E88E
4C6D7894E1A2D44EF190C37E57729EA6
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu (preventivní) Vyřešeno
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 131 hostů