
Infected laptop, probably a worm, can't be removed

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected laptop, probably a worm, can't be removed

#16 Post by Rudy »

All the utilities have fallen short so far. Next we'll try AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download it, run it, let it work, and when it has finished delete everything it finds.
Post questions and logs only in your own thread. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.

LSuki
Guest
Posts: 17
Registered: 07 Jun 2018 20:49
Location: Stoesser

Re: Infected laptop, probably a worm, can't be removed

#17 Post by LSuki »

ComboFix 18-05-17.01 - adminlukas 09.06.2018 22:08:19.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3980.1157 [GMT 2:00]
Spuštěný z: c:\users\adminlukas\Desktop\ComboFix.exe
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: System Center Endpoint Protection *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: System Center Endpoint Protection *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-05-09 do 2018-06-09 )))))))))))))))))))))))))))))))
.
.
2018-06-09 20:23 . 2018-06-09 20:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-06-09 20:23 . 2018-06-09 20:23 -------- d-----w- c:\users\lukass\AppData\Local\temp
2018-06-09 20:23 . 2018-06-09 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-06-08 18:02 . 2018-06-09 17:32 44768 ----a-w- c:\windows\system32\drivers\mbam.sys
2018-06-08 18:02 . 2018-06-09 17:32 112872 ----a-w- c:\windows\system32\drivers\farflt.sys
2018-06-08 18:02 . 2018-06-09 17:32 94840 ----a-w- c:\windows\system32\drivers\mwac.sys
2018-06-08 18:02 . 2018-06-08 18:02 190696 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2018-06-08 18:02 . 2018-06-09 17:31 253664 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-06-08 18:01 . 2018-05-24 04:55 152184 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-06-08 18:01 . 2018-06-08 18:01 -------- d-----w- c:\programdata\Malwarebytes
2018-06-08 18:01 . 2018-06-08 18:01 -------- d-----w- c:\program files\Malwarebytes
2018-06-08 15:08 . 2018-06-08 15:08 -------- d-----w- C:\_OTM
2018-06-07 19:42 . 2018-06-08 21:06 -------- d-----w- c:\program files\trend micro
2018-06-07 19:42 . 2018-06-07 19:43 -------- d-----w- C:\rsit
2018-06-07 15:12 . 2018-06-07 15:12 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{949BE5EA-DA7E-4DA2-8A5B-0AE64B5E1F2D}\offreg.972.dll
2018-06-05 14:50 . 2018-05-15 19:10 14600328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{949BE5EA-DA7E-4DA2-8A5B-0AE64B5E1F2D}\mpengine.dll
2018-06-04 19:58 . 2018-06-05 14:30 -------- d-----w- c:\users\adminlukas\AppData\Local\ESET
2018-05-30 16:25 . 2018-05-15 19:10 14600328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-05-19 14:51 . 2018-05-19 14:51 -------- d-----w- c:\users\lukass\AppData\Local\Hewlett-Packard
2018-05-19 14:49 . 2018-05-19 14:49 -------- d-----w- c:\users\lukass\AppData\Roaming\Hewlett-Packard
2018-05-16 18:01 . 2018-05-23 18:08 -------- d-----w- c:\users\adminlukas\AppData\Roaming\AnyMeeting
2018-05-16 18:01 . 2018-05-16 18:02 -------- d-----w- c:\users\adminlukas\AppData\Local\AnyMeeting
2018-05-16 18:01 . 2018-05-16 18:02 -------- d-----w- c:\users\adminlukas\AppData\Local\SquirrelTemp
2018-05-10 23:12 . 2018-05-10 23:12 244208 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-09 01:09 . 2014-12-01 19:09 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-06-09 01:09 . 2014-12-01 19:09 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-03-23 19:50 . 2018-03-23 19:50 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18B52F6A-5043-4797-A29C-47073B44BB02}\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-07-11 05:04 1524016 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-07-11 05:04 1524016 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-07-11 05:04 1524016 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"World of Tanks"="c:\games\World_of_Tanks\WargamingGameUpdater.exe" [2018-01-05 3139872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-03-01 56088]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2018-02-01 1194048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3697993826-1712495499-1262403601-1121\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3697993826-1712495499-1262403601-1121\Scripts\Logon\0\1]
"Script"=logonall.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 81057913
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - MPKSL9E7F9394
*Deregistered* - 81057913
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-15 10:18 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2018-06-06 c:\windows\Tasks\HPCeeScheduleForadminlukas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2018-06-09 c:\windows\Tasks\HPCeeScheduleForlukass.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-07-11 05:03 2179376 ----a-w- c:\progra~1\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-07-11 05:03 2179376 ----a-w- c:\progra~1\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-07-11 05:03 2179376 ----a-w- c:\progra~1\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-05 1425408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - c:\progra~2\MICROS~1\Office16\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Poslat do On&eNotu - c:\progra~2\MICROS~1\Office16\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\TRANSLAT\WEBIE.DLL
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{9223D93B-7400-441E-A964-CBCFA36AD5D5}: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\adminlukas\AppData\Roaming\Mozilla\Firefox\Profiles\m9vzb57n.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - prefs.js: keyword.URL - hxxps://duckduckgo.com/?q={searchTerms}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-22156959.sys
AddRemove-fotoknihyMCL_fotoknihyMCL - c:\windows\system32\fotoknihyMCL_fotoknihyMCL_uninstaller.exe
AddRemove-FOTOKNIHY_FOTOKNIHY - c:\windows\system32\FOTOKNIHY_FOTOKNIHY_uninstaller.exe
AddRemove-StormWare Prodict 2002 Anglický velký slovník - c:\windows\IsUn0405.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-1202660629-725345543-12879\Software\SecuROM\License information*]
"datasecu"=hex:8d,69,a4,e8,ac,d5,6a,39,72,34,1b,c5,04,06,96,77,80,9f,55,88,46,
cd,85,9d,d6,15,0d,de,da,0d,0d,9d,55,bd,f3,08,bd,3a,1a,06,ef,43,1a,f5,0c,98,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.30"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-06-09 22:27:06
ComboFix-quarantined-files.txt 2018-06-09 20:27
.
- - End Of File - - D86452494759D032E0C25A9334490FDE

LSuki
Guest
Posts: 17
Registered: 07 Jun 2018 20:49
Location: Stoesser

Re: Infected laptop, probably a worm, can't be removed

#18 Post by LSuki »

I'd better describe it again.
Kaspersky found what we hadn't managed to remove. Then a restart.
Then it found another 39 threats, removed them and went into a restart. It took over five and a half hours ...
Then I ran Kaspersky again and it found nothing. Could it be OK???

If the laptop is clean, what about the USB drives (flash drives)?
That's exactly where I noticed it. Files were turning into "shortcuts".
Is formatting enough?

Can we say that we managed to clean it only with Kaspersky?
I also have my other son's PC, where it looks like the same thing.
Where should I start? With ComboFix and then Kaspersky?

Lukáš

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected laptop, probably a worm, can't be removed

#19 Post by Rudy »

Now, judging by the CF log, it looks like the junk is gone. Formatting the flash drives should be enough, provided there is no data on them that you need. For the other PC, before a CF scan it is necessary to know what applications it contains. So run an FRST scan and post the log for review. CF mercilessly deletes some (even legitimate) ones, and a backup then has to be made.
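Rudy's answer above sends the second PC's FRST log off for a manual check. As an added illustration (my own code, neither FRST's nor the forum's), the Python pass below runs the three checks a reviewer makes first over a few lines copied from the FRST log LSuki posts further down in this thread, with benign neighbours for contrast: an autorun entry that launches a script host on a file in a user-writable directory, an unsigned process running from a Temp directory, and the DisallowedCertificates entries FRST marks with ATTENTION (an antivirus vendor's signing certificate placed in the Disallowed store blocks that vendor's signed binaries). The regexes, the category names and the choice of "user-writable" path fragments are my assumptions about the line formats, not an FRST specification.

```python
"""Quick triage of FRST-style log lines (added example, not part of FRST).

Constructed input: a handful of lines copied from the FRST log in this thread
plus benign neighbours, so the pass can be run offline.
"""
import re
from dataclasses import dataclass

# Script hosts that a Run entry on a home PC rarely has a legitimate reason to use.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Path fragments of directories any user (and so malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Line shapes assumed from the log as posted; these are my regexes, not an FRST specification.
RUN_RE = re.compile(r"^(?P<hive>HK\S*)\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
PROC_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.*)$")
CERT_RE = re.compile(
    r"^HKLM\\ DisallowedCertificates: (?P<thumb>[0-9A-Fa-f]{40}) "
    r"\((?P<vendor>[^)]*)\) <==== ATTENTION$"
)

# Constructed sample: lines taken from the FRST log in this thread.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
() C:\Windows\Temp\gD837.tmp.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [89274] => wscript.exe //B "C:\Users\Adminlukas\AppData\Roaming\89274.tmp.vbs"
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
""".strip().splitlines()


@dataclass
class Finding:
    kind: str     # category of the observation
    subject: str  # the Run value name, process basename or blocked vendor
    line: str     # the log line that triggered it


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _in_user_writable(text: str) -> bool:
    low = text.lower()
    return any(frag in low for frag in USER_WRITABLE)


def _first_token(cmd: str) -> str:
    """Executable part of a Run command, honouring a leading quoted path."""
    if cmd.startswith('"'):
        return cmd.split('"', 2)[1]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage_frst(lines):
    """Return the Findings for the suspicious lines among `lines`."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = CERT_RE.match(line)
        if m:
            # FRST already marks these; a vendor's certificate in the Disallowed
            # store blocks that vendor's signed binaries from running.
            findings.append(Finding("blocked_av_certificate", m["vendor"], line))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"]
            exe = _basename(_first_token(cmd))
            # A script host started at logon on a file under AppData/Temp is the
            # classic persistence shape of a VBS worm.
            if exe in SCRIPT_HOSTS and _in_user_writable(cmd):
                findings.append(Finding("script_host_autorun", m["name"], line))
            continue
        m = PROC_RE.match(line)
        if m and m["vendor"] == "" and _in_user_writable(m["path"]):
            # Unsigned (empty vendor field) and running from a user-writable directory.
            findings.append(Finding("unsigned_process_in_user_dir", _basename(m["path"]), line))
    return findings


def summarize(findings):
    """Count findings per category for a quick glance before reading the lines."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage_frst(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.kind}] {f.subject}: {f.line}")
    print(summarize(hits))
```

The unsigned HiSuite service is deliberately left alone: an empty vendor field on its own is common for legitimate software, so the check only fires when it coincides with a user-writable location. The Run entry with a numeric value name and the matching `wscript.exe` process in the process list are two views of the same persistence; a real review would pair them, which is why the finding records the value name.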

LSuki
Guest
Posts: 17
Registered: 07 Jun 2018 20:49
Location: Stoesser

Re: Infected laptop, probably a worm, can't be removed

#20 Post by LSuki »

OK. Off to the second computer ...
Lukas

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected laptop, probably a worm, can't be removed

#21 Post by Rudy »

:)

LSuki
Guest
Posts: 17
Registered: 07 Jun 2018 20:49
Location: Stoesser

Re: Infected laptop, probably a worm, can't be removed

#22 Post by LSuki »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by adminlukas (administrator) on BEJOCZ0711001 (10-06-2018 11:01:20)
Running from C:\Users\Adminlukas\Desktop
Loaded Profiles: adminlukas (Available Profiles: uzivatel & adminlukas)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\Temp\gD837.tmp.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(© 2015 Microsoft Corporation) C:\Users\Adminlukas\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(MP Soft, Masa&PPP Software) C:\UP2016\QBUpdateClient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Charity Engine) C:\Program Files (x86)\BOINC\boinctray.exe
(Charity Engine) C:\Program Files (x86)\BOINC\charityengine.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version9\TeamViewer.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
(Charity Engine) C:\Program Files (x86)\BOINC\boinc.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version9\tv_x64.exe
(Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
() C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\work.charityengine.com\wrapper_26014_windows_intelx86.exe
(Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
(Node.js) C:\ProgramData\BOINC\slots\0\ce11.exe
(Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [89274] => wscript.exe //B "C:\Users\Adminlukas\AppData\Roaming\89274.tmp.vbs"
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
HKLM-x32\...\Run: [QBUpdateClient] => C:\UP2016\QBUpdateClient.exe [371200 2011-03-11] (MP Soft, Masa&PPP Software)
HKLM-x32\...\Run: [zzzHPSETUP] => E:\Setup.exe
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [71312 2014-03-07] (Charity Engine)
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\charityengine.exe [3757712 2014-03-07] (Charity Engine)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2017-11-08] (PDF Complete Inc)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-06-01] (Valve Corporation)
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\Run: [BingSvc] => C:\Users\Adminlukas\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\Run: [89274] => wscript.exe //B "C:\Users\Adminlukas\AppData\Roaming\89274.tmp.vbs"
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\Run: [9342784758] => wscript.exe //B "C:\Users\Adminlukas\AppData\Roaming\9342784758.tmp.vbs"
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\MountPoints2: {16250d2a-6f09-11e7-acb4-e06995a60382} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\MountPoints2: {16250e13-6f09-11e7-acb4-e06995a60382} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\MountPoints2: {37bcd3f0-30c2-11e7-ad48-e06995a60382} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\MountPoints2: {83837c27-230f-11e8-b02b-e7e37dbcf30d} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-73586283-1202660629-725345543-12879\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Microsoft Security Client] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
Startup: C:\Users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\89274.tmp.vbs [2018-01-01] ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{10365E7E-D177-405F-BF0D-39C0F1F33756}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-73586283-1202660629-725345543-12879\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.bing.com?pc=CMDTDF
HKU\S-1-5-21-73586283-1202660629-725345543-12879\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMDTDF
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {9663961C-8CF8-42EE-93E2-7C29BB2CDDD5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {9663961C-8CF8-42EE-93E2-7C29BB2CDDD5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-73586283-1202660629-725345543-12879 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-1202660629-725345543-12879 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-73586283-1202660629-725345543-12879 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF DefaultProfile: lcsmsl49.default
FF ProfilePath: C:\Users\Adminlukas\AppData\Roaming\Mozilla\Firefox\Profiles\lcsmsl49.default [2018-01-25]
FF Homepage: Mozilla\Firefox\Profiles\lcsmsl49.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-ww
www.google.cz
FF Extension: (Bing Search) - C:\Users\Adminlukas\AppData\Roaming\Mozilla\Firefox\Profiles\lcsmsl49.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-08-30] [Legacy]
FF SearchPlugin: C:\Users\Adminlukas\AppData\Roaming\Mozilla\Firefox\Profiles\lcsmsl49.default\searchplugins\bing-.xml [2017-08-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-03-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-08] ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2011-11-24] (Software602 a.s.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-02-03] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-08-22] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default [2018-06-07]
CHR Extension: (Docs) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-06]
CHR Extension: (Google Drive) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-17]
CHR Extension: (YouTube) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-17]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-10]
CHR Extension: (Sheets) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-17]
CHR Extension: (Chrome Media Router) - C:\Users\Adminlukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-06]
CHR HKU\S-1-5-21-73586283-1202660629-725345543-12879\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [84520 2011-03-14] (Software602 a.s.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1783200 2017-02-28] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [699808 2017-02-28] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2017-10-19] (EasyAntiCheat Ltd)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399720 2017-08-22] (WildTangent)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 OnePointDomainAdminService; C:\Windows\OnePointDomainAgent\DCTAgentService.exe [91648 2014-05-19] (Microsoft Corporation) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1793088 2017-11-08] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [332192 2017-02-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM)
S3 OxSer; C:\Windows\system32\drivers\OxSer.sys [98352 2009-09-16] (OEM)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26992 2012-02-20] (Microsoft Corporation)
S1 wfcre; system32\drivers\wfcre.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 11:01 - 2018-06-10 11:03 - 000028858 _____ C:\Users\Adminlukas\Desktop\FRST.txt
2018-06-10 11:01 - 2018-06-10 11:01 - 000000000 ____D C:\FRST
2018-06-10 11:00 - 2018-06-10 11:00 - 002413056 _____ (Farbar) C:\Users\Adminlukas\Desktop\FRST64.exe
2018-05-24 14:22 - 2018-05-24 14:22 - 000001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2018-05-24 14:22 - 2018-05-24 14:22 - 000000000 ____D C:\Program Files\paint.net
2018-05-24 14:21 - 2018-05-24 15:01 - 000000000 ____D C:\Users\Adminlukas\AppData\Local\paint.net
2018-05-24 07:13 - 2017-04-28 00:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-05-24 07:13 - 2017-04-12 15:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-05-21 16:46 - 2018-05-22 14:14 - 000000049 _____ C:\Users\Adminlukas\AppData\Roaming\SSS.dat
2018-05-21 16:46 - 2018-05-22 14:14 - 000000014 _____ C:\Users\Adminlukas\AppData\Roaming\Sans Simulator Settings.ini
2018-05-17 19:26 - 2018-05-17 19:26 - 000000000 ____D C:\Users\Adminlukas\AppData\Local\Deployment
2018-05-17 19:26 - 2018-05-17 19:26 - 000000000 ____D C:\Users\Adminlukas\AppData\Local\Apps\2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 11:04 - 2017-07-15 14:48 - 000016694 _____ C:\Windows\System32\Tasks\3DMarkIt
2018-06-10 11:03 - 2009-07-14 06:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-10 11:03 - 2009-07-14 06:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-10 10:57 - 2016-03-11 13:42 - 000000000 ____D C:\UP2016
2018-06-10 10:57 - 2012-01-12 09:40 - 000000581 _____ C:\Windows\SMSCFG.ini
2018-06-10 10:56 - 2017-11-19 18:10 - 000000000 ____D C:\ProgramData\BOINC
2018-06-10 10:54 - 2017-05-04 18:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-10 10:54 - 2011-07-11 18:13 - 000000000 ____D C:\ProgramData\PDFC
2018-06-10 10:53 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-08 21:24 - 2014-11-06 15:00 - 000000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3697993826-1712495499-1262403601-1106.job
2018-06-08 21:04 - 2017-05-21 14:06 - 000004542 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-08 21:04 - 2012-10-16 08:10 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-08 21:04 - 2012-10-16 08:10 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-08 21:04 - 2011-11-30 15:26 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-08 21:04 - 2011-08-08 09:19 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-08 21:04 - 2011-07-11 18:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-08 20:33 - 2018-03-14 12:04 - 000004530 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 18:45 - 2011-08-01 14:29 - 000000000 ____D C:\Users\Adminlukas
2018-06-07 18:34 - 2011-07-11 17:44 - 000675660 _____ C:\Windows\system32\perfh005.dat
2018-06-07 18:34 - 2011-07-11 17:44 - 000144154 _____ C:\Windows\system32\perfc005.dat
2018-06-07 18:34 - 2009-07-14 07:13 - 001598308 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-07 18:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-07 18:26 - 2017-03-08 14:15 - 000000000 ____D C:\AdwCleaner
2018-06-07 18:19 - 2015-06-01 14:38 - 000000676 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3697993826-1712495499-1262403601-1106.job
2018-06-07 18:11 - 2017-06-11 14:00 - 000000000 ____D C:\Users\Adminlukas\AppData\Local\CrashDumps
2018-06-06 07:19 - 2017-10-10 14:24 - 000000352 _____ C:\Windows\Tasks\HPCeeScheduleForadminlukas.job
2018-06-05 09:16 - 2017-10-10 14:24 - 000003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForadminlukas
2018-06-03 21:18 - 2013-12-02 09:24 - 000000000 ___RD C:\AVG
2018-05-31 21:03 - 2017-07-23 12:54 - 000000000 ____D C:\Users\Adminlukas\AppData\Local\GeometryDash
2018-05-29 07:03 - 2018-02-26 17:52 - 000000000 ____D C:\Users\Adminlukas\AppData\Roaming\libraries
2018-05-27 15:31 - 2017-08-16 13:20 - 000000000 ____D C:\Users\Adminlukas\AppData\Local\UNDERTALE
2018-05-25 15:22 - 2017-05-03 14:20 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1493814015
2018-05-25 15:22 - 2017-05-03 14:20 - 000000000 ____D C:\Program Files (x86)\Opera
2018-05-24 15:13 - 2017-05-02 17:45 - 000000000 ___RD C:\SLOŽKA
2018-05-24 07:15 - 2011-02-11 22:29 - 001576690 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-15 13:53 - 2017-06-11 14:00 - 000000000 ____D C:\Users\Adminlukas\AppData\Roaming\vlc
2018-05-15 07:09 - 2015-07-02 13:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-15 07:09 - 2014-12-29 07:41 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-12 07:43 - 2009-07-14 07:08 - 000032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-11 21:13 - 2017-11-29 21:13 - 000000000 ____D C:\Users\Adminlukas\AppData\Roaming\StardewValley

==================== Files in the root of some directories =======

2013-11-28 12:22 - 2014-06-03 08:59 - 000003739 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2018-01-01 23:10 - 2018-01-01 23:10 - 000030130 _____ () C:\Users\Adminlukas\AppData\Roaming\89274.tmp.vbs
2018-01-01 23:10 - 2018-01-28 18:14 - 000000000 _____ () C:\Users\Adminlukas\AppData\Roaming\9342784758.tmp.vbs
2017-12-15 15:45 - 2013-07-21 22:59 - 000012005 _____ () C:\Users\Adminlukas\AppData\Roaming\alsoft.ini
2018-04-20 15:21 - 2018-04-20 15:21 - 000041472 _____ (FZDJN) C:\Users\Adminlukas\AppData\Roaming\IJPKIJ.exe
2018-05-21 16:46 - 2018-05-22 14:14 - 000000014 _____ () C:\Users\Adminlukas\AppData\Roaming\Sans Simulator Settings.ini
2018-05-21 16:46 - 2018-05-22 14:14 - 000000049 _____ () C:\Users\Adminlukas\AppData\Roaming\SSS.dat
2017-07-15 14:49 - 2017-07-15 14:49 - 007320064 _____ () C:\Users\Adminlukas\AppData\Local\agent.dat
2017-07-15 14:49 - 2017-07-15 14:49 - 000070800 _____ () C:\Users\Adminlukas\AppData\Local\Config.xml
2017-07-15 14:49 - 2017-07-15 14:47 - 002554368 _____ (TODO: <Company name>) C:\Users\Adminlukas\AppData\Local\Keyfax.exe
2017-07-15 14:49 - 2017-07-15 14:49 - 000278510 _____ () C:\Users\Adminlukas\AppData\Local\Keyfax.tst
2017-07-15 14:49 - 2017-07-15 14:49 - 000005568 _____ () C:\Users\Adminlukas\AppData\Local\md.xml
2017-07-15 14:49 - 2017-07-15 14:49 - 000126464 _____ () C:\Users\Adminlukas\AppData\Local\noah.dat
2017-07-15 14:49 - 2017-07-15 14:47 - 002554368 _____ (TODO: <Company name>) C:\Users\Adminlukas\AppData\Local\S-trax.exe
2017-07-15 14:49 - 2017-07-15 14:49 - 001898550 _____ () C:\Users\Adminlukas\AppData\Local\S-trax.tst

Some files in TEMP:
====================
2018-03-30 22:29 - 2018-03-30 22:29 - 001876992 _____ (Opera Software) C:\Users\Adminlukas\AppData\Local\Temp\Opera_installer_180330202946366.dll
2018-03-30 22:29 - 2018-03-30 22:29 - 001876992 _____ (Opera Software) C:\Users\Adminlukas\AppData\Local\Temp\Opera_installer_180330202946756.dll
2018-03-30 22:29 - 2018-03-30 22:29 - 001876992 _____ (Opera Software) C:\Users\Adminlukas\AppData\Local\Temp\Opera_installer_180330202947817.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-08 21:24

==================== End of FRST.txt ============================

LSuki
Visitor
Visitor
Posts: 17
Registered: 07 Jun 2018 20:49
Location: Stoesser

Re: infected laptop, probably a worm, cannot be removed

#23 Post by LSuki »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by adminlukas (10-06-2018 11:04:25)
Running from C:\Users\Adminlukas\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-07-25 10:37:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1645959127-2865139422-814047988-500 - Administrator - Disabled)
Guest (S-1-5-21-1645959127-2865139422-814047988-501 - Limited - Enabled)
uzivatel (S-1-5-21-1645959127-2865139422-814047988-1000 - Administrator - Enabled) => C:\Users\uzivatel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: System Center Endpoint Protection (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: System Center Endpoint Protection (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

15354 Webcam Live (HKLM-x32\...\{3AC11667-B4DD-4984-AD0B-B2D4E40AB573}) (Version: 1.2.0.0 - )
64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden
ACDSee Photo Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Acrobat X Standard - Eastern European (Group 1) (HKLM-x32\...\{AC76BA86-1029-4770-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Balíček ovladače systému Windows - Nokia Modem (10/12/2007 3.6) (HKLM\...\6A630DCEC5EEC912115F2FF59D8C2C769798D930) (Version: 10/12/2007 3.6 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089453) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WT089498) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
BOOKcase 4.0 (HKLM-x32\...\BOOKcase 4.0) (Version: - )
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Cambridge Learner's Dictionary (HKLM-x32\...\Cambridge Learner's Dictionary) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Configuration Manager Client (HKLM\...\{3926E6CB-FD37-4E8D-8B08-7F485E118C2D}) (Version: 5.00.8498.1000 - Microsoft Corporation) Hidden
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
Czech Module for Microsoft Dynamics NAV 2016 Role Tailored Client (HKLM-x32\...\{00000000-0000-9000-3000-0CE90DA3512B}) (Version: 9.0.42815.0 - Microsoft Corporation)
Czech Module for Microsoft Dynamics NAV Classic Client (HKLM-x32\...\{00000000-0000-6002-3000-FDACB85853AF}) (Version: 6.0.32012.0 - Microsoft Corporation) Hidden
Czech Module for Microsoft Dynamics NAV Role Tailored Client (HKLM-x32\...\{00000000-0000-8000-3000-0CE90DA3512B}) (Version: 8.0.43389.0 - Microsoft Corporation) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WT089470) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089504) (Version: 2.2.0.95 - WildTangent) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Lifetime Updater (HKLM-x32\...\{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}) (Version: 2.1.11 - Garmin)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Connect Solutions (HKLM-x32\...\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}) (Version: 1.0.0.4 - Hewlett-Packard)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.8.1.0 - Hewlett-Packard)
Charity Engine (HKLM-x32\...\{7309D717-F38D-436D-9537-066AA0AC7639}) (Version: 7.0.80 - Charity Engine)
Chuzzle Deluxe (HKLM-x32\...\WT089454) (Version: 2.2.0.95 - WildTangent) Hidden
IDES-CZ (HKLM-x32\...\{15EDA964-9FA7-43BC-8DC2-033306253D12}) (Version: 8.0 - Werum Software & Systems, AG)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
InstatDesk-CZ (HKLM-x32\...\{B8E0B1B3-D9DB-4C10-84DF-A3980EB7E706}) (Version: 2.0.1 - XPIS)
InstatDesk-CZ (HKLM-x32\...\{FF60EF48-4C83-4E3B-BCE2-421110FC4D15}) (Version: 1.0.41 - XPIS)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.110 - Oracle)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
Little Inferno (HKLM-x32\...\1444053723_is1) (Version: 2.0.0.1 - GOG.com)
Mah Jong Medley (HKLM-x32\...\WT087393) (Version: 2.2.0.95 - WildTangent) Hidden
Media Go (HKLM-x32\...\{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}) (Version: 2.1.392 - Sony)
Media Go Video Playback Engine 1.88.110.12050 (HKLM-x32\...\{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}) (Version: 1.88.110.12050 - Sony)
Microsoft .NET Framework 4.7.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Dynamics NAV 2009 R2 (HKLM-x32\...\DynamicsNav60) (Version: 6.0.32012.0 - Microsoft Corporation)
Microsoft Dynamics NAV 2015 (HKLM-x32\...\DynamicsNav80) (Version: 8.0.43389.0 - Microsoft Corporation)
Microsoft Dynamics NAV 2016 RoleTailored Client (HKLM-x32\...\{00000000-0000-9000-0000-0CE90DA3512B}) (Version: 9.0.45834.0 - Microsoft Corporation)
Microsoft Dynamics® ERP Translation Tool (HKLM-x32\...\{D7BB38EE-08DA-4E52-B382-54EB4097C50C}) (Version: 1.0.1258.850 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Report Viewer 2015 Runtime (HKLM-x32\...\{3ECE8FC7-7020-4756-A71C-C345D4725B77}) (Version: 12.0.2402.15 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25711 (HKLM\...\{7D02C46E-2953-3EB1-A5D5-7943C9D7684F}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25711 (HKLM\...\{043D5787-5988-3DE2-928D-3B6A75E2126E}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25711 (HKLM-x32\...\{8FDCF95F-4756-34F4-9DA2-D708E7FAC504}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25711 (HKLM-x32\...\{6E894015-A182-3C1E-A7D2-3032CB2E1D43}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 57.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.4 (x64 cs)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
MSVC80_x64 (HKLM\...\{68660049-8D48-427C-9FF7-139D8340CDC0}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (HKLM-x32\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Multilingual App Toolkit (HKLM-x32\...\{0EFF0E71-0034-4EBB-8F40-767928A55ADF}) (Version: 3.1.1250.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WT089496) (Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089484) (Version: 2.2.0.95 - WildTangent) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 53.0.2907.68 (HKLM-x32\...\Opera 53.0.2907.68) (Version: 53.0.2907.68 - Opera Software)
osu! (HKLM-x32\...\{478b6fbe-3897-4f6d-8d91-c210a8d25aad}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.26 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plague Inc Evolved (HKLM-x32\...\Plague Inc Evolved_is1) (Version: 0.8.4.2 - Decepticon)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089458) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.8.1.14440 - Sony Computer Entertainment Inc.)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Prostředí Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Rayman Legends (HKLM-x32\...\{B43A81C7-79C9-4518-8305-53AC94A8D479}) (Version: 6.0 - Black Box)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.3929 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Room Arranger (32-bit) (HKLM-x32\...\Room Arranger) (Version: 9.5.3 - Jan Adamec)
Scribblenauts Unmasked A DC Comics Adventure (HKLM-x32\...\Scribblenauts Unmasked A DC Comics Adventure_is1) (Version: - )
Skype for Business Web App Plug-in (HKLM-x32\...\{5EEFC600-CE9E-4DCE-862A-E7D4A9C7B568}) (Version: 15.8.20020.369 - Microsoft Corporation)
Skype verze 8.19 (HKLM-x32\...\Skype_is1) (Version: 8.19 - Skype Technologies S.A.)
Slingo Supreme (HKLM-x32\...\WT089457) (Version: 2.2.0.95 - WildTangent) Hidden
Software602 Form Filler (HKLM-x32\...\{1320CACA-1955-4E9E-84A1-B75F064221BB}) (Version: 4.12 - Software602 a.s.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.6.0.8 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StormWare Prodict 2002 Anglický velký slovník (HKLM-x32\...\StormWare Prodict 2002 Anglický velký slovník) (Version: - )
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
TeamViewer 9 Host (HKLM-x32\...\TeamViewer 9 Host) (Version: 9.0.29947 - TeamViewer)
TeamViewer 9 Host (MSI Wrapper) (HKLM-x32\...\{36BEE6BB-3BF8-4540-B8E0-993ADE2D1BEB}) (Version: 9.0.29947 - TeamViewer)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.0.0.1 - GOG.com)
The Binding of Isaac Rebirth 1.0 (HKLM-x32\...\The Binding of Isaac Rebirth 1.0) (Version: 1.0 - Games on Cat-A-Cat.Net)
The Escapists 2 - Wicked Ward (HKLM-x32\...\The Escapists 2 - Wicked Ward_is1) (Version: - )
Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.)
Účetní poradce (HKLM-x32\...\{2BE1DE38-5B5D-433E-BB92-B055AD540530}) (Version: 02/2011 - MP-Soft)
Update for Skype for Business 2016 (KB3178717) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{45503767-F19E-4421-B930-8B0004ACA804}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3178717) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{45503767-F19E-4421-B930-8B0004ACA804}) (Version: - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO Image Resizer 4.0.0.42 (HKLM-x32\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.0.42 - VSO-Software)
Web Translator (HKLM-x32\...\Web Translator) (Version: - )
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.28 - WildTangent) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Filmora(Build 8.6.1) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
XDPH - kontrola nespolehlivých plátců (HKLM-x32\...\XDPH - kontrola nespolehlivých plátců_is1) (Version: - LAN Consult, spol. s r.o.)
Zuma Deluxe (HKLM-x32\...\WT089455) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2013-12-18] (Adobe Systems Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2013-10-31] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2013-12-18] (Adobe Systems Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0394B1F7-D40F-4EFC-9BFB-1F3273EB63FD} - System32\Tasks\HPCeeScheduleForadminlukas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {125D8E74-1DA4-4C23-BE89-BE7231290C2B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {14F1CF06-2C3D-4830-A1F8-3F3640C02A32} - System32\Tasks\NCH Software\ExpressZipDowngrade => C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe [2013-08-06] (NCH Software)
Task: {153DC4CE-C60C-4B84-B089-1C9C10CFD1B0} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {275502C6-56E8-4499-8F88-45735E29FC2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {27A3B941-B1EE-428D-8738-3D68505F8AA6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {314F90FE-414A-49F0-9A31-A2CA725901AC} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2017-02-28] (Microsoft Corporation)
Task: {3D0B0B0A-F133-4FBC-B47E-4F548BFF3E2D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {500DDC83-24C6-4D7F-995D-D6382AE5BD20} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {5107DDD5-4084-4428-B2F1-540D91D22CFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {64434213-4921-4E0F-8EA6-3D31F574E28A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6B984E49-A9E7-4DD0-93A2-A7CA3F206284} - System32\Tasks\G2MUploadTask-S-1-5-21-3697993826-1712495499-1262403601-1106 => C:\Users\lukass.CZ\AppData\Local\Citrix\GoToMeeting\3277\g2mupload.exe
Task: {6DBD8519-687E-4784-80DA-53C9FE3F6B2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7039A778-D05E-4F26-A0E2-25E4F7624013} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
Task: {7187BF8F-31C6-42DB-A7F3-6D9C3EB12B9C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {7F9B1FE3-0EE3-4CCB-A8D0-43663205EA67} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {9D44C8C5-CD8B-4655-A57A-DCCF328ED8DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {9F98DCF5-F114-4259-8F2D-EF512BDD439C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-21] (Google Inc.)
Task: {AEFD02F9-47AA-4700-A5AC-F3EF6EE9E3D8} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-03-30] (CyberLink)
Task: {BF95613A-6AF2-478A-95B3-6D97ADD625B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {C33E6563-C5F0-4B8D-A16F-FF150E8713F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {CA9D685A-E5EA-4E76-864E-707F1A08ACB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-21] (Google Inc.)
Task: {D1248864-F104-4610-B05A-4AF98017090F} - System32\Tasks\Opera scheduled Autoupdate 1493814015 => C:\Program Files (x86)\Opera\launcher.exe [2018-05-23] (Opera Software)
Task: {DE37B759-781F-41B3-A133-0BAC2ECFE6F7} - System32\Tasks\G2MUpdateTask-S-1-5-21-3697993826-1712495499-1262403601-1106 => C:\Users\lukass.CZ\AppData\Local\Citrix\GoToMeeting\3277\g2mupdate.exe
Task: {E1368E29-3A60-4DDF-B8A8-7E8809CF3FF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {EDCA31D2-1671-47C4-8BD7-EC885F424CCC} - System32\Tasks\3DMarkIt => C:\Windows\system32\rundll32.exe "C:\Program Files\3DMarkIt\3DMarkIt.dll",hFBMVimYNqk <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3697993826-1712495499-1262403601-1106.job => C:\Users\lukass.CZ\AppData\Local\Citrix\GoToMeeting\3277\g2mupdate.exe C:\Users\lukass.CZ
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3697993826-1712495499-1262403601-1106.job => C:\Users\lukass.CZ\AppData\Local\Citrix\GoToMeeting\3277\g2mupload.exe C:\Users\lukass.CZ
Task: C:\Windows\Tasks\HPCeeScheduleForadminlukas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-10-22 09:38 - 2012-09-18 15:27 - 000192512 _____ () C:\Windows\System32\zlhp1020.dll
2013-10-22 09:38 - 2012-09-18 15:27 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2017-07-15 14:48 - 2015-06-01 00:22 - 002483200 _____ () C:\Program Files\3DMarkIt\3DMarkIt.dll
2017-07-26 09:58 - 2017-07-26 09:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-06-08 21:21 - 2018-06-10 10:54 - 000983040 _____ () C:\Windows\TEMP\gD837.tmp.exe
2011-07-11 18:07 - 2009-02-28 04:13 - 000053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2011-07-11 17:52 - 2011-01-27 04:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-11 18:06 - 2009-07-02 23:58 - 000406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2018-06-02 20:46 - 2018-06-02 20:47 - 001794048 _____ () C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
2013-12-18 20:43 - 2013-12-18 20:43 - 000019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\cs_cz\acrotray.cze
2018-03-15 21:16 - 2017-09-12 11:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-03-15 21:16 - 2016-07-21 11:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2011-07-11 18:07 - 2009-02-20 02:22 - 000028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2018-05-25 15:22 - 2018-05-23 07:02 - 086162520 _____ () C:\Program Files (x86)\Opera\53.0.2907.68\opera_browser.dll
2012-10-19 14:18 - 2012-10-19 14:18 - 000081920 _____ () C:\Program Files (x86)\BOINC\zlib1.dll
2018-05-25 15:21 - 2018-05-23 07:02 - 003742296 _____ () C:\Program Files (x86)\Opera\53.0.2907.68\libglesv2.dll
2018-05-25 15:21 - 2018-05-23 07:02 - 000086616 _____ () C:\Program Files (x86)\Opera\53.0.2907.68\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\ws2003eln -> ws2003eln
IE trusted site: HKU\S-1-5-21-73586283-1202660629-725345543-12879\...\ws2003qonline -> ws2003qonline

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-02-26 16:34 - 000017671 _____ C:\Windows\system32\Drivers\etc\hosts


There are 435 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-73586283-1202660629-725345543-12879\Control Panel\Desktop\\Wallpaper -> C:\Users\Adminlukas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{BFC2CAAD-3E8F-4651-8555-5C6CC6153673}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{ADAA137B-01FC-45B8-A509-AEEEA2D7C296}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{D5C2A386-7DF1-4A26-8B74-9125E5B58EDC}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{77BAC8DA-5992-4B7F-8DD3-CF5973248D29}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{209509A8-E6EF-4F90-99F2-5C66A0643549}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDA3FCE8-3A84-4E83-95FF-817E2C593CCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3FD339B9-3C8B-4095-8F0B-75CAB4645881}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{92E94A49-67B1-4FFC-A561-7BB0F9498FE7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D596FAE0-21D5-4D5D-93B7-8AA5D88291C1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9532A30C-5993-4A9D-A872-B5EE3E5D904B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8AF03B1C-FC38-419F-B494-3467DE52E983}] => (Allow) C:\Program Files (x86)\Microsoft Dynamics NAV\80\RoleTailored Client\Microsoft.Dynamics.Nav.Client.exe
FirewallRules: [{EE1B9F5C-A68D-4C24-A946-9076EAE8788C}] => (Allow) C:\Program Files (x86)\Teamviewer\Version9\TeamViewer.exe
FirewallRules: [{EF9A3BC9-7992-45B5-BB9B-67DE95A07C71}] => (Allow) C:\Program Files (x86)\Teamviewer\Version9\TeamViewer.exe
FirewallRules: [{AB63BD61-EAFC-40CE-8CD4-D72DB2B1FB3A}] => (Allow) C:\Program Files (x86)\Teamviewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3299C403-A885-45A1-B91B-377E18264B89}] => (Allow) C:\Program Files (x86)\Teamviewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1763BCE3-F60F-46B8-97C8-85CC50C79DF7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{117FC396-71C6-47E8-9DFB-02FC7739CF48}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{55D5EEC6-3F8A-4C3F-BFA0-F5F78AE31F96}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{CB72383D-92C8-463C-BC36-F05FE473F64B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{51F19E6F-AC28-40BC-9385-E06327B10E4F}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{543B132D-D413-49E2-A71B-10771BB398FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CACF4DE3-787E-4C2B-8257-5401B1160BDE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0F83926F-248C-4354-9650-53F1FE9A105D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3F99EC32-945D-49BE-98FF-26862C5E1BF4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{73567ABB-A4E8-41E8-B9F9-9E99744ABB1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{C1E8DB4B-D072-4FA2-842D-5311034F836B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{3E6B470D-9621-452A-99B4-34B42830F8F8}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{C5E74E43-2EF2-4D5E-B543-5FD5CA90503F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{10E52BA3-AFB9-4E11-9BB3-42BFB809F15F}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{426B0129-DC25-45A7-8BA5-EB75D0BEDC8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{7F9B0FFD-FE03-4C51-A7A4-E5C9E53B924E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{6F16E474-A700-4E9D-9776-84D8A976507D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{0B11715D-CD63-4717-A4B2-5447A28E024E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{4DAFA4A4-CECE-4144-BD1D-83E7DBBA9B36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Find_You\Find_You.exe
FirewallRules: [{AC31FF2E-A74F-4C87-A143-78283E736790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Find_You\Find_You.exe
FirewallRules: [{136728A9-E501-47A8-AF09-D0EBBE2CA100}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{0045E27E-1FB7-483C-9D07-2384BC1B44F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{09AD61FB-EDA6-4D45-92F0-23D248BC9F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{58474532-BFB8-4233-9569-05DEEBC5D282}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{AC97586A-930A-4E0C-9348-2B1F45DF35CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{8ACDF7D5-BCE0-4301-B6BA-622862BE156D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{C9D01687-565F-4066-A239-6E7BD0436BD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{24B7663A-3A01-470C-867A-50FF42205086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4149E773-32AC-48FC-BB41-B28FFD3279CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D1AB3D63-73E1-4CF9-A85A-FBBBAB7F0FB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F1CD66D2-BC50-48FC-A16D-B3C47B57ECED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{0DB61620-C482-4DC6-BDEC-A9BAD8EEA97B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0EDD1899-16DF-439E-84C3-29FABE2CA8B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{73E71107-161D-4F58-9C61-8FF409679699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{1BA52E07-C2BC-4DB2-871C-4A6204A069D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Snout\IronSnout.exe
FirewallRules: [{0EE51AD5-3137-4F04-A7A7-B6DA7E42EB2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Snout\IronSnout.exe
FirewallRules: [{AA6A3ABE-FCA0-4509-B426-A7CF77823AF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{58F32C35-9B73-4256-8F6F-D14129B53FE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{E9654017-F7F6-48BC-9229-62A3BEF0FEAF}C:\users\adminlukas\desktop\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe] => (Block) C:\users\adminlukas\desktop\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe
FirewallRules: [UDP Query User{466766FF-0551-431B-80AD-41C261CF572E}C:\users\adminlukas\desktop\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe] => (Block) C:\users\adminlukas\desktop\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe
FirewallRules: [TCP Query User{EA9870D9-352C-4A84-B8E7-26CD60BF09AA}C:\složka\ostatní\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe] => (Block) C:\složka\ostatní\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe
FirewallRules: [UDP Query User{49D94367-D09F-4A16-8770-2A2D0A87B17B}C:\složka\ostatní\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe] => (Block) C:\složka\ostatní\zilak - get ultimate chicken horse for free\game\ultimate chicken horse\64 bit\ultimatechickenhorse.exe
FirewallRules: [{C0F4D2DB-F182-4E14-8FA6-20EF29E3E708}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9AA56942-A05B-4338-84F0-77884A697660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{770C7776-96CB-43D4-8596-458D35B59070}C:\users\adminlukas\desktop\carried.away\carriedaway.exe] => (Block) C:\users\adminlukas\desktop\carried.away\carriedaway.exe
FirewallRules: [UDP Query User{E2EE4482-18F8-47BC-830F-A0A9D98F3C8B}C:\users\adminlukas\desktop\carried.away\carriedaway.exe] => (Block) C:\users\adminlukas\desktop\carried.away\carriedaway.exe
FirewallRules: [{448C3910-65ED-463D-B75D-534DF853F452}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{47F1600B-76B5-4DC2-9575-FB57F168C9D1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{46E9F410-5733-410A-81BF-B55CA1568549}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{7E3D7E9A-572B-4D43-9EAB-15F523B0ECF4}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Block) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{460C484F-23D8-42FB-893F-2FEB89A392AE}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Block) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{A7966BD3-F7FA-487F-A4B7-6AB9A3C17219}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{6A1531D8-3B5E-4F6F-AA52-4431303B2C3B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{D1E08F56-97F6-4372-8B44-88CD0F7BDA96}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.99\opera.exe
FirewallRules: [{1FAD5594-9378-4F48-B214-F75C89F03B5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E8A9032F-C3B4-4660-B19D-98D729135F57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{8017A591-CD84-45BC-AAC6-CE8348FF0C3E}] => (Allow) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
FirewallRules: [{F819D87B-197D-4737-A512-9871C6544A45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{A267100B-58E9-4071-9193-7A18AC149678}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{FC0BDE98-72D1-4E45-BAC5-4274D099D073}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{4551B330-2BF1-4152-82E8-903D5F9802AB}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

18-05-2018 10:22:22 Naplánovaný kontrolní bod
24-05-2018 07:12:44 Windows Update
24-05-2018 14:21:39 paint.net 4.0.21
02-06-2018 21:21:05 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Adaptér tunelového režimu Microsoft Teredo
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: wfcre
Description: wfcre
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wfcre
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2018 10:55:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/10/2018 10:47:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/08/2018 08:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/08/2018 08:48:53 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/08/2018 08:26:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generování kontextu aktivace pro C:\SLOŽKA\OSTATNÍ BLBOSTI\audacity.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/08/2018 08:23:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/08/2018 06:01:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/07/2018 06:51:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: gA18B.tmp.exe, verze: 0.0.0.0, časové razítko: 0x5b00c9d0
Název chybujícího modulu: gA18B.tmp.exe, verze: 0.0.0.0, časové razítko: 0x5b00c9d0
Kód výjimky: 0xc0000409
Posun chyby: 0x00000000000135c3
ID chybujícího procesu: 0x1284
Čas spuštění chybující aplikace: 0x01d3fe7fa81a2c9d
Cesta k chybující aplikaci: C:\Windows\TEMP\gA18B.tmp.exe
Cesta k chybujícímu modulu: C:\Windows\TEMP\gA18B.tmp.exe
ID zprávy: 0a3053cd-6a73-11e8-b94f-e06995a60382


System errors:
=============
Error: (06/10/2018 10:54:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
wfcre

Error: (06/10/2018 10:54:07 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: BEJO)
Description: Zpracování zásad skupiny selhalo v důsledku toho, že se nebylo v síti možné připojit k řadiči domény. Může se jednat o přechodný stav. Po připojení počítače k řadiči domény a úspěšném zpracování zásad skupiny bude odeslána zpráva o úspěšné provedení těchto akcí. Pokud se tato zpráva nezobrazí během několika hodin, obraťte se na správce.

Error: (06/10/2018 10:53:50 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: Zpracování zásad skupiny selhalo. Systém Windows nerozpoznal název počítače. Může to být způsobeno jedním nebo více z následujících důvodů:
a) Selhal překlad IP adres v aktuálním řadiči domény.
b) Čekací doba replikace služby Active Directory (účet vytvořený na jiném řadiči domény nebyl replikován na aktuální řadič domény).

Error: (06/10/2018 10:53:50 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Tento počítač nemohl nastavit zabezpečenou relaci s řadičem
domény v doméně BEJO z následujícího důvodu:
Pro vyřízení žádosti o přihlášení nejsou nyní k dispozici žádné přihlašovací servery.


To může vést k potížím při ověřování. Přesvědčte se, zda je tento
počítač připojen k síti. Pokud potíže trvají,
obraťte se na správce domény.



DALŠÍ INFORMACE

Pokud je tento počítač řadičem domény pro určenou doménu,
nastaví zabezpečenou relaci s emulátorem primárního řadiče domény v určené
doméně. V opačném případě tento počítač nastaví zabezpečenou relaci s libovolným řadičem domény
v určené doméně.

Error: (06/10/2018 10:46:43 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.269.521.0

Update Source: Internal Definition Update Server

Update Stage: Search

Source Path: http://BEJONLSCCM01.BEJO.LOCAL:8530

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.14901.4

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (06/10/2018 10:46:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
wfcre

Error: (06/10/2018 10:46:00 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: Zpracování zásad skupiny selhalo. Systém Windows nerozpoznal název počítače. Může to být způsobeno jedním nebo více z následujících důvodů:
a) Selhal překlad IP adres v aktuálním řadiči domény.
b) Čekací doba replikace služby Active Directory (účet vytvořený na jiném řadiči domény nebyl replikován na aktuální řadič domény).

Error: (06/10/2018 10:46:00 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Tento počítač nemohl nastavit zabezpečenou relaci s řadičem
domény v doméně BEJO z následujícího důvodu:
Pro vyřízení žádosti o přihlášení nejsou nyní k dispozici žádné přihlašovací servery.


To může vést k potížím při ověřování. Přesvědčte se, zda je tento
počítač připojen k síti. Pokud potíže trvají,
obraťte se na správce domény.



DALŠÍ INFORMACE

Pokud je tento počítač řadičem domény pro určenou doménu,
nastaví zabezpečenou relaci s emulátorem primárního řadiče domény v určené
doméně. V opačném případě tento počítač nastaví zabezpečenou relaci s libovolným řadičem domény
v určené doméně.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 82%
Total physical RAM: 4000.31 MB
Available physical RAM: 716.02 MB
Total Virtual: 7998.81 MB
Available Virtual: 4288.19 MB

==================== Drives ================================

Drive c: (DATA) (Fixed) (Total:454.34 GB) (Free:156.14 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.32 GB) (Free:1.35 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{9ba123f5-b6f3-11e0-bcd3-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0BAA2D29)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected notebook, probably a worm, cannot be removed

#24 Post by Rudy »

You are right, the same junk is there. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Go and make yourself a coffee (the whole operation takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the resident antispyware.

LSuki
Visitor
Posts: 17
Registered: 07 Jun 2018 20:49
Location: Stoesser

Re: infected notebook, probably a worm, cannot be removed

#25 Post by LSuki »

ComboFix 18-05-17.01 - adminlukas 10.06.2018 14:20:17.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4000.1940 [GMT 2:00]
Spuštěný z: c:\users\Adminlukas\Desktop\ComboFix.exe
AV: System Center Endpoint Protection *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: System Center Endpoint Protection *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\3872871776
c:\users\Adminlukas\AppData\Local\assembly\tmp
c:\users\Adminlukas\AppData\Local\Keyfax.tst
c:\users\Adminlukas\AppData\Roaming\9342784758.tmp.vbs
c:\users\Adminlukas\AppData\Roaming\IJPKIJ.exe
c:\users\Adminlukas\AppData\Roaming\Love
c:\users\Adminlukas\AppData\Roaming\Love\mari0\options.txt
c:\users\jiric\AppData\Local\assembly\tmp
c:\users\lukass\AppData\Local\assembly\tmp
c:\users\lukass\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C33B1B37-64AF-480F-8260-06B8CE4AD979}.xps
c:\users\lukass\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF3881AB-A587-4058-BAD0-A3F7F18374DE}.xps
c:\users\lukass\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
c:\windows\IsUn0405.exe
c:\windows\msdownld.tmp
c:\windows\TEMP\gD837.tmp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-05-10 do 2018-06-10 )))))))))))))))))))))))))))))))
.
.
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\zdenekj\AppData\Local\temp
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\petrh\AppData\Local\temp
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\mediacz\AppData\Local\temp
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\lukass\AppData\Local\temp
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\jiric\AppData\Local\temp
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\jeroenbeemster\AppData\Local\temp
2018-06-10 12:33 . 2018-06-10 12:33 -------- d-----w- c:\users\infocz\AppData\Local\temp
2018-06-10 12:13 . 2018-06-10 12:13 58120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\MpKslacc3e7c0.sys
2018-06-10 09:01 . 2018-06-10 09:05 -------- d-----w- C:\FRST
2018-06-10 08:59 . 2018-06-10 08:59 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\offreg.932.dll
2018-06-10 08:47 . 2018-05-15 19:10 14600328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\mpengine.dll
2018-06-03 07:14 . 2018-05-15 19:10 14600328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-05-24 12:22 . 2018-05-24 12:22 -------- d-----w- c:\program files\paint.net
2018-05-24 12:21 . 2018-05-24 13:01 -------- d-----w- c:\users\Adminlukas\AppData\Local\paint.net
2018-05-24 05:13 . 2017-04-12 13:05 4296704 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2018-05-24 05:13 . 2017-04-27 22:50 3550208 ----a-w- c:\windows\SysWow64\D3DCompiler_47.dll
2018-05-17 17:26 . 2018-06-10 12:32 -------- d-----w- c:\users\Adminlukas\AppData\Local\assembly
2018-05-17 17:26 . 2018-05-17 17:26 -------- d-----w- c:\users\Adminlukas\AppData\Local\Deployment
2018-05-17 17:26 . 2018-05-17 17:26 -------- d-----w- c:\users\Adminlukas\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-08 19:04 . 2012-10-16 06:10 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-06-08 19:04 . 2011-08-08 07:19 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-04-29 18:50 . 2017-12-16 19:20 62741696 ----a-w- c:\users\Adminlukas\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2018-04-12 10:47 . 2018-04-12 10:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2018-04-12 10:47 . 2018-04-12 10:47 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2018-03-24 16:13 . 2018-03-24 16:13 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5227F8B0-D485-476C-BDFB-E80C1BAD3A34}\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2018-06-01 3200800]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2017-05-24 160824]
"BingSvc"="c:\users\Adminlukas\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-05 144008]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"89274"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"QBUpdateClient"="c:\up2016\QBUpdateClient.exe" [2011-03-11 371200]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2014-03-07 71312]
"boincmgr"="c:\program files (x86)\BOINC\charityengine.exe" [2014-03-07 3757712]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2017-11-08 1194048]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2017-09-12 2133728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
.
c:\users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
89274.tmp.vbs [2018-1-1 30130]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 wfcre;wfcre;c:\windows\system32\drivers\wfcre.sys;c:\windows\SYSNATIVE\drivers\wfcre.sys [x]
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service ;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service ;c:\program files (x86)\BlueStacks\HD-Plus-Service.exe BstHdPlusAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Plus-Service.exe BstHdPlusAndroidSvc Android [x]
R3 BstkDrv;BlueStacks Plus Hypervisor;c:\program files (x86)\BlueStacks\BstkDrv.sys;c:\program files (x86)\BlueStacks\BstkDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409;c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409 [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys;c:\windows\SYSNATIVE\drivers\OxPPort.sys [x]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys;c:\windows\SYSNATIVE\drivers\OxSer.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
S1 MpKslacc3e7c0;MpKslacc3e7c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\MpKslacc3e7c0.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\MpKslacc3e7c0.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\Teamviewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\Teamviewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLACC3E7C0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2018-06-06 c:\windows\Tasks\HPCeeScheduleForadminlukas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-09 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-09 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"89274"="wscript.exe" [2013-10-12 168960]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~2\Office16\EXCEL.EXE/3000
IE: Poslat do On&eNotu - c:\progra~1\MICROS~2\Office16\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
Trusted Zone: bejo.com\support
Trusted Zone: bejo.com\trial
Trusted Zone: ws2003eln
Trusted Zone: ws2003qonline
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{10365E7E-D177-405F-BF0D-39C0F1F33756}: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\Adminlukas\AppData\Roaming\Mozilla\Firefox\Profiles\lcsmsl49.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osm ... .google.cz
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-zzzHPSETUP - E:\Setup.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
AddRemove-HP Remote Solution - c:\programdata\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
AddRemove-StormWare Prodict 2002 Anglický velký slovník - c:\windows\IsUn0405.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-1202660629-725345543-12879\Software\SecuROM\License information*]
"datasecu"=hex:33,41,c8,95,49,79,f4,fc,6f,99,da,f3,b0,56,35,98,97,f3,90,40,02,
ef,b7,38,c5,ad,5f,3b,4b,19,78,4d,8e,95,71,69,71,93,09,9a,bb,d7,b3,66,a1,73,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.30"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-06-10 14:36:33
ComboFix-quarantined-files.txt 2018-06-10 12:36
.
Před spuštěním: Volných bajtů: 171 242 098 688
Po spuštění: Volných bajtů: 172 709 081 088
.
- - End Of File - - 99C9081D31CE51A7063FD7E325C30A8C

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected laptop, probably a worm, cannot be removed

#26 Post by Rudy »

Open Notepad and copy the following into it:
KillAll::

File::
c:\users\Adminlukas\AppData\Local\Microsoft\BingSvc
c:\users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\89274.tmp.vbs

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=-
"89274"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"89274"=-

drivers::
ZAM

RegLock::
[HKEY_USERS\S-1-5-21-73586283-1202660629-725345543-12879\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
Save it to the desktop as CFScript.txt. Then grab it with the mouse, drag it onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
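An added triage helper, not from the thread and not part of ComboFix: it parses the "startup points" section of a ComboFix log in the format shown above, flags entries matching the pattern this thread's worm uses (a script host started by bare name under a numeric Run value, plus a .vbs in the Startup folder), and renders the matching File::/Registry:: stanzas in the CFScript syntax of the post above, for an analyst to review. The regexes, the heuristic lists and the sample log (constructed from this thread's own log lines) are my assumptions.

```python
"""Triage helper for the "startup points" section of a ComboFix log.

Added example for this thread, not part of ComboFix or of the forum post.
It flags autostart entries that match the pattern seen here (a script host
started by bare name under a numeric Run value, and a .vbs in the Startup
folder) and renders them as CFScript File::/Registry:: stanzas for review.
"""
import re
from dataclasses import dataclass

# "name"="command" [date size]   (value line under a Run/RunOnce key)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# file.ext [date size]            (item listed under a Startup folder path)
ITEM_RE = re.compile(r'^(?P<file>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}        # heuristic list (assumption)
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")     # heuristic list (assumption)


@dataclass
class Finding:
    kind: str       # "registry" or "file"
    location: str   # registry key or Startup folder path
    name: str       # value name or file name
    reasons: tuple


def parse_autostarts(log_text):
    """Yield ("run", key, name, cmd) and ("startup", folder, file, "") tuples."""
    key = folder = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":                      # ComboFix separates blocks with a lone dot
            key = folder = None
        elif (m := KEY_RE.match(line)):
            key, folder = m.group("key"), None
        elif line.lower().endswith("\\startup\\"):   # bare folder path introduces Startup items
            folder, key = line, None
        elif key and key.lower().endswith(("\\run", "\\runonce")):
            if (m := VALUE_RE.match(line)):
                yield ("run", key, m.group("name"), m.group("cmd"))
        elif folder:
            if (m := ITEM_RE.match(line)):
                yield ("startup", folder, m.group("file"), "")


def triage(entries):
    """Apply the heuristics; returns a list of Finding for an analyst to review."""
    findings = []
    for kind, location, name, cmd in entries:
        reasons = []
        if kind == "run":
            exe = cmd.split("\\")[-1].split(" ")[0].lower()
            if exe in SCRIPT_HOSTS and "\\" not in cmd:
                reasons.append(f"{exe} started by bare name, no script path in the value")
            if name.isdigit():
                reasons.append("purely numeric value name")
        elif name.lower().endswith(SCRIPT_EXTS):
            reasons.append("script file in Startup folder")
        if reasons:
            findings.append(Finding("registry" if kind == "run" else "file",
                                    location, name, tuple(reasons)))
    return findings


def to_cfscript(findings):
    """Render File:: and Registry:: stanzas in the CFScript syntax used in the thread."""
    lines = []
    files = [f.location + f.name for f in findings if f.kind == "file"]
    if files:
        lines += ["File::", *files, ""]
    by_key = {}
    for f in findings:
        if f.kind == "registry":
            by_key.setdefault(f.location, []).append(f.name)
    if by_key:
        lines.append("Registry::")
        for key, names in by_key.items():
            lines.append(f"[{key}]")
            lines += [f'"{n}"=-' for n in names]   # "=-" deletes the value
    return "\n".join(lines)


# Constructed sample, assembled from the autostart lines posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2018-06-01 3200800]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"89274"="wscript.exe" [2013-10-12 141824]
.
c:\users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
89274.tmp.vbs [2018-1-1 30130]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"89274"="wscript.exe" [2013-10-12 168960]
.
"""


def main():
    findings = triage(parse_autostarts(SAMPLE_LOG))
    for f in findings:
        print(f"{f.kind:8} {f.name:16} {'; '.join(f.reasons)}")
    print()
    print(to_cfscript(findings))


if __name__ == "__main__":
    main()
```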

LSuki
Visitor
Posts: 17
Registered: 07 Jun 2018 20:49
Location: Stoesser

Re: infected laptop, probably a worm, cannot be removed

#27 Post by LSuki »

ComboFix 18-05-17.01 - adminlukas 10.06.2018 15:30:46.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4000.1688 [GMT 2:00]
Spuštěný z: c:\users\Adminlukas\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Adminlukas\Desktop\CFScript.txt
AV: System Center Endpoint Protection *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: System Center Endpoint Protection *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Adminlukas\AppData\Local\Microsoft\BingSvc"
"c:\users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\89274.tmp.vbs"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adminlukas\AppData\Roaming\89274.tmp.vbs
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-05-10 do 2018-06-10 )))))))))))))))))))))))))))))))
.
.
2018-06-10 12:13 . 2018-06-10 12:13 58120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\MpKslacc3e7c0.sys
2018-06-10 09:01 . 2018-06-10 09:05 -------- d-----w- C:\FRST
2018-06-10 08:59 . 2018-06-10 08:59 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\offreg.932.dll
2018-06-10 08:47 . 2018-05-15 19:10 14600328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\mpengine.dll
2018-06-03 07:14 . 2018-05-15 19:10 14600328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-05-24 12:22 . 2018-05-24 12:22 -------- d-----w- c:\program files\paint.net
2018-05-24 12:21 . 2018-05-24 13:01 -------- d-----w- c:\users\Adminlukas\AppData\Local\paint.net
2018-05-24 05:13 . 2017-04-12 13:05 4296704 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2018-05-24 05:13 . 2017-04-27 22:50 3550208 ----a-w- c:\windows\SysWow64\D3DCompiler_47.dll
2018-05-17 17:26 . 2018-06-10 12:32 -------- d-----w- c:\users\Adminlukas\AppData\Local\assembly
2018-05-17 17:26 . 2018-05-17 17:26 -------- d-----w- c:\users\Adminlukas\AppData\Local\Deployment
2018-05-17 17:26 . 2018-05-17 17:26 -------- d-----w- c:\users\Adminlukas\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-10 13:44 . 2018-06-10 13:44 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\offreg.952.dll
2018-06-08 19:04 . 2012-10-16 06:10 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-06-08 19:04 . 2011-08-08 07:19 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-04-29 18:50 . 2017-12-16 19:20 62741696 ----a-w- c:\users\Adminlukas\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2018-04-12 10:47 . 2018-04-12 10:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2018-04-12 10:47 . 2018-04-12 10:47 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2018-03-24 16:13 . 2018-03-24 16:13 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5227F8B0-D485-476C-BDFB-E80C1BAD3A34}\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-22 22:58 1524528 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2018-06-01 3200800]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2017-05-24 160824]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"QBUpdateClient"="c:\up2016\QBUpdateClient.exe" [2011-03-11 371200]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2014-03-07 71312]
"boincmgr"="c:\program files (x86)\BOINC\charityengine.exe" [2014-03-07 3757712]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2017-11-08 1194048]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2017-09-12 2133728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
.
c:\users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
89274.tmp.vbs [2018-1-1 30130]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 wfcre;wfcre;c:\windows\system32\drivers\wfcre.sys;c:\windows\SYSNATIVE\drivers\wfcre.sys [x]
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service ;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service ;c:\program files (x86)\BlueStacks\HD-Plus-Service.exe BstHdPlusAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Plus-Service.exe BstHdPlusAndroidSvc Android [x]
R3 BstkDrv;BlueStacks Plus Hypervisor;c:\program files (x86)\BlueStacks\BstkDrv.sys;c:\program files (x86)\BlueStacks\BstkDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409;c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409 [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys;c:\windows\SYSNATIVE\drivers\OxPPort.sys [x]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys;c:\windows\SYSNATIVE\drivers\OxSer.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
S1 MpKslacc3e7c0;MpKslacc3e7c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\MpKslacc3e7c0.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B86BFA-132A-4C04-AE4A-E0AA25E82675}\MpKslacc3e7c0.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\Teamviewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\Teamviewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-06-10 c:\windows\Tasks\HPCeeScheduleForadminlukas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-22 22:56 2179376 ----a-w- c:\progra~1\MICROS~2\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-09 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-09 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [BU]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office16\EXCEL.EXE/3000
IE: Send to On&eNote - c:\progra~1\MICROS~2\Office16\ONBttnIE.dll/105
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Append link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files (x86)\TRANSLAT\WEBIE.DLL
Trusted Zone: bejo.com\support
Trusted Zone: bejo.com\trial
Trusted Zone: ws2003eln
Trusted Zone: ws2003qonline
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{10365E7E-D177-405F-BF0D-39C0F1F33756}: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\Adminlukas\AppData\Roaming\Mozilla\Firefox\Profiles\lcsmsl49.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osm ... .google.cz
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-HP Remote Solution - c:\programdata\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
AddRemove-StormWare Prodict 2002 Anglický velký slovník - c:\windows\IsUn0405.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-1202660629-725345543-12879\Software\SecuROM\License information*]
"datasecu"=hex:33,41,c8,95,49,79,f4,fc,6f,99,da,f3,b0,56,35,98,97,f3,90,40,02,
ef,b7,38,c5,ad,5f,3b,4b,19,78,4d,8e,95,71,69,71,93,09,9a,bb,d7,b3,66,a1,73,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Teamviewer\Version9\TeamViewer.exe
c:\program files (x86)\Teamviewer\Version9\tv_w32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\CCM\SCNotification.exe
.
**************************************************************************
.
Completion time: 2018-06-10 15:50:02 - the computer was restarted
ComboFix-quarantined-files.txt 2018-06-10 13:50
ComboFix2.txt 2018-06-10 12:36
.
Pre-Run: 172 686 548 992 bytes free
Post-Run: 172 583 485 440 bytes free
.
- - End Of File - - B97D1E93874818D89EC15F56953D6DFE

Rudy (Site Admin, Plzeň)

Re: infected laptop, probably a worm, can't be removed

#28 Post by Rudy »

Also delete this from startup:
c:\users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\89274.tmp.vbs [2018-1-1 30130]
The junk is gone, so it should work. If it doesn't, try it from Safe Mode.
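The triage done by hand in this thread, as an added example (not part of the thread and not a ComboFix feature): a small Python parser over the autorun and policy sections of a ComboFix-style dump that flags a script file sitting in the Startup folder (the 89274.tmp.vbs Rudy asks to be deleted above) and the weakened settings visible in the same log (NoAutoUpdate=1, LoadAppInit_DLLs=1). The sample text is copied from the log posted above; the rule table, the severities and the regexes are this example's own assumptions.

```python
"""Triage the autorun and policy sections of a ComboFix-style log.

Added example for this thread, not a ComboFix feature. The sample text is
copied from the log posted above; rules, severities and regexes are assumed.
"""
import re
from dataclasses import dataclass

# Constructed sample: excerpts of the log posted above.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
.
c:\users\Adminlukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
89274.tmp.vbs [2018-1-1 30130]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [BU]
"""

SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".bat", ".cmd", ".hta")
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "powershell", "rundll32", "regsvr32")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# (substring of the key, value name, value) -> why that setting weakens the host
POLICY_RULES = {
    ("policies\\system", "enablelua", "0"): "UAC disabled",
    ("policies\\system", "consentpromptbehavioradmin", "0"): "UAC: admins elevate silently",
    ("windowsupdate\\au", "noautoupdate", "1"): "automatic Windows Update disabled",
    ("currentversion\\windows", "loadappinit_dlls", "1"): "AppInit_DLLs injection enabled",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
TRAILER_RE = re.compile(r"\s*(\[[^\]]*\]|\(0x[0-9a-fA-F]+\))\s*$")  # '[date size]' or '(0x1)'


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    location: str  # registry key or folder the entry lives in
    name: str
    reason: str


def parse_autoruns(text):
    """Yield (section, name, value). A section is a '[key]' header or a folder
    line ending in 'Startup\\'; a lone '.' closes it. Startup-folder entries
    are bare 'filename [date size]' lines, so their value is folder + filename."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == ".":
            section = None
        elif not line:
            continue
        elif (m := KEY_RE.match(line)):
            section = m.group(1)
        elif line.lower().endswith("\\startup\\"):
            section = line
        elif section is not None:
            m = VALUE_RE.match(line)
            if m:
                yield section, m.group(1), TRAILER_RE.sub("", m.group(2)).strip().strip('"')
            else:
                filename = TRAILER_RE.sub("", line).strip()
                yield section, filename, section + filename


def triage(text):
    """Return Findings for the dump, highest severity first."""
    findings = []
    for section, name, value in parse_autoruns(text):
        sec, val = section.lower(), value.lower()
        for (key_part, rule_name, rule_val), why in POLICY_RULES.items():
            if key_part in sec and name.lower() == rule_name and val == rule_val:
                findings.append(Finding("medium", section, name, why))
        if sec.endswith("\\startup\\") or "\\run" in sec:
            if val.endswith(SCRIPT_EXT) or any(h in val for h in SCRIPT_HOSTS):
                findings.append(Finding("high", section, name, "script or script host in an autorun location"))
            elif any(p in val for p in USER_WRITABLE):
                findings.append(Finding("medium", section, name, "autorun binary in a user-writable path"))
    return sorted(findings, key=lambda f: {"high": 0, "medium": 1}[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name}: {f.reason}  ({f.location})")
```

Run against the excerpt it reports the Startup-folder VBS as high and the two policy values as medium, while ConsentPromptBehaviorAdmin=5 (prompt on the secure desktop) correctly produces nothing. The parser reads the text, not the live registry, so it is safe to run on a log posted by someone else; the `.tmp.vbs` double extension and the user-profile path are the two properties worth keying on when a name like 89274 carries no meaning.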

LSuki (Visitor)

Re: infected laptop, probably a worm, can't be removed

#29 Post by LSuki »

It deleted without any problem. Then a restart. It looks fine now.
So it should be OK now.
Thank you.

How shall we settle up?
Lukáš

Rudy (Site Admin, Plzeň)

Re: infected laptop, probably a worm, can't be removed

#30 Post by Rudy »

Yes, now everything is OK. Admittedly it was only the autostart entry of that junk, but it could have kept showing a message that it couldn't launch it. We won't settle up in any way; this is a free service for home users and we do it here to relax. You're welcome! :)