Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

VIR

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: VIR

#16 Příspěvek od vyosek »

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
"DAEMON Tools Lite"=-
"Akamai NetSession Interface"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"=-
"PDVD9LanguageShortcut"=-
"RoxWatchTray"=-
"Adobe ARM"=-
"APSDaemon"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2528674237-432385662-938004786-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2528674237-432385662-938004786-1001UA.job

DDS::
uStart Page = hxxp://www1.euro.dell.com/content/defau ... l=cs&s=bsd

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#17 Příspěvek od Zigac »

mám pocit, jakoby se Combofix přitom seknul. Nejprve po přetažení filu na Combofix vyskočila notifikace o nové verzi (tak jsem nechal stáhnout) a pak začal vyskakovat Avast a hlásit řadu podezřelých souborů u kterých teda nezjistil závadnost, ale dával na výběr zda spustit či zavřít, tak jsem dal zavřít ... nyní to vypadá jako by se seknul (zelená linka sice jakoby prijíždí s ní bíle světlo), ale už nepostupuje dál - zastaveno na cca 90-95%...
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: VIR

#18 Příspěvek od vyosek »

Zopakujte pripadne aplikaci skriptu v nouzovem rezimu...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#19 Příspěvek od Zigac »

tal v nouzovem režimu se snad povedlo:
ComboFix 13-09-23.02 - Michal 23.09.2013 21:05:12.2.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3977.2608 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2528674237-432385662-938004786-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2528674237-432385662-938004786-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\out.txt
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2528674237-432385662-938004786-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2528674237-432385662-938004786-1001UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-23 do 2013-09-23 )))))))))))))))))))))))))))))))
.
.
2013-09-23 19:10 . 2013-09-23 19:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-23 19:10 . 2013-09-23 19:10 -------- d-----w- c:\users\Hanka\AppData\Local\temp
2013-09-23 19:10 . 2013-09-23 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-23 19:10 . 2013-09-23 19:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-22 19:46 . 2013-09-23 15:38 -------- d-----w- C:\AdwCleaner
2013-09-22 18:48 . 2013-09-22 18:48 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2013-09-22 18:48 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-22 18:48 . 2013-09-22 18:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-22 18:34 . 2013-09-22 18:34 -------- d-----w- c:\programdata\Malwarebytes
2013-09-22 18:34 . 2013-09-22 18:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-22 17:44 . 2013-09-22 17:59 -------- d-----w- c:\program files\trend micro
2013-09-22 17:44 . 2013-09-22 17:44 -------- d-----w- C:\rsit
2013-09-21 19:56 . 2013-09-21 19:56 -------- d-----w- c:\windows\SysWow64\Dell
2013-09-21 19:46 . 2013-09-15 22:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD07AD14-23E3-4BD9-ADC4-E2DCCF84BD61}\mpengine.dll
2013-09-21 19:18 . 2013-09-21 19:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-09-21 19:18 . 2013-09-21 19:18 -------- d-----r- c:\program files (x86)\Skype
2013-09-21 17:54 . 2013-09-21 17:54 0 ----a-w- c:\windows\invcol.tmp
2013-09-21 16:09 . 2013-09-21 16:09 -------- d-----w- c:\users\Michal\AppData\Roaming\Dell
2013-09-21 16:09 . 2013-09-21 18:30 -------- d-----w- c:\programdata\PCDr
2013-09-21 16:09 . 2013-09-21 16:09 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-09-21 16:09 . 2013-09-21 16:09 -------- d-----w- c:\program files\Dell Support Center
2013-09-21 16:08 . 2013-09-21 16:09 -------- d-----w- c:\program files\My Dell
2013-09-21 16:07 . 2013-09-21 16:07 -------- d-----w- c:\users\Michal\AppData\Roaming\PCDr
2013-09-21 16:06 . 2013-09-21 16:30 -------- d-----w- C:\temp
2013-09-21 15:44 . 2013-09-21 15:44 -------- d-----w- c:\programdata\Creative
2013-09-19 16:56 . 2013-09-19 16:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-19 16:56 . 2013-09-19 16:56 -------- d-----w- c:\programdata\Oracle
2013-09-19 16:55 . 2013-09-19 16:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 16:27 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 16:26 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-11 16:26 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-08-29 23:57 . 2013-08-29 23:57 -------- d-----w- c:\users\Michal\AppData\Roaming\MAPILab Ltd
2013-08-29 23:57 . 2013-08-29 23:57 -------- d-----w- c:\program files (x86)\Common Files\Outlook Security Manager
2013-08-29 23:57 . 2013-08-29 23:57 -------- d-----w- c:\program files (x86)\Common Files\MAPILab Ltd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 16:55 . 2012-06-24 13:30 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-19 16:55 . 2011-11-03 22:36 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-11 16:37 . 2011-11-10 23:01 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-11 16:23 . 2012-04-04 15:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 16:23 . 2011-11-03 22:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48 . 2013-03-20 16:26 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-03-20 16:26 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-02-26 19:54 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2011-11-09 18:29 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2011-11-09 18:29 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2011-11-09 18:29 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2011-11-09 18:29 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2011-11-09 18:29 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2011-11-09 18:29 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2011-11-09 18:29 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-11 16:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-16 16:47 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-16 16:47 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-16 16:47 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-16 16:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-16 16:47 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-16 16:47 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-16 16:47 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-16 16:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-16 16:47 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-16 16:47 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-16 16:47 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-16 16:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-16 16:47 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-16 16:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-16 16:46 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-06-27 442896]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2013-09-12 4423168]
.
c:\users\Hanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;d:\program files\TeamViewer\Version8\TeamViewer_Service.exe;d:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 441840]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1692264]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 172.26.0.10 172.26.0.11
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\4l72jmdo.default-1379871111878\
FF - prefs.js: browser.startup.homepage - hxxp://forum.hooligans.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-09-23 21:18:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-23 19:18
ComboFix2.txt 2013-09-22 20:22
.
Před spuštěním: Volných bajtů: 16 067 866 624
Po spuštění: Volných bajtů: 15 841 808 384
.
- - End Of File - - 8A1C39A9F071303279223BA09F271C4E
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: VIR

#20 Příspěvek od vyosek »

Aaaano, povedlo...

Jak se chova nas pacient :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#21 Příspěvek od Zigac »

rychlostně již od včera OK, ani ty problémy s capslockem apod. nejsou už od včera , ale složka "C:\Documents and Settings" je stále zamčená. Přiznám se, že nevím, zda je to tak správně, ale mám účet admina, tak nerozumím, proč bych se tam neměl dostat
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: VIR

#22 Příspěvek od vyosek »

:arrow: Tak na to jeste mrkneme :wink:

:arrow: Stahnete FRST 64-bit version z teto stranky http://www.bleepingcomputer.com/downloa ... scan-tool/

:arrow: Spuštění FRST
  • Po spuštění FRST odsouhlasíme licenční podmínky kliknutím na [Ano].
  • Dooznačíme položku Addition.txt - viz obrázek.
    Obrázek
  • Klikneme na tlačítko [Scan], čímž spustíme skenování.
  • Počkáme na dokončení skenování FRST
  • Otevře se nám textový soubor FRST.txt, což je požadovaný log a jehož obsah vložíme do svého tématu na fóru.
  • Na ploše nám zbyde utilita FRST a dva logy - FRST.txt a Addition.txt - nic z toho zatím nemažeme!
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#23 Příspěvek od Zigac »

OK díky ... bohužel zas až navečír se k tomu dostanu, takže log bude až pak :wink:

EDIT:obrázek nebo odkaz na něj nevidím... :)
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#24 Příspěvek od Zigac »

Tak jsem tu a posílám log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Michal (administrator) on DELL6520 on 24-09-2013 18:32:42
Running from C:\Users\Michal\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Windows\system32\nvservice.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() c:\Windows\SysWOW64\srvany.exe
(O2Micro.) c:\Windows\sysWOW64\SDIOAssist.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TomTom) D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] - c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-28] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1692264 2011-05-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-09] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [avast] - D:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-06-27] (Research In Motion Limited)
HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4423168 2013-09-12] (Research In Motion Limited)
HKU\Hanka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Hanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {E4E25770-2636-42B2-B86D-496BA75FB89A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E4E25770-2636-42B2-B86D-496BA75FB89A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 172.26.0.10 172.26.0.11

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\4l72jmdo.default-1379871111878
FF Homepage: hxxp://forum.hooligans.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Michal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Michal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-06-27] (Research In Motion Limited)
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-01-25] (NVIDIA Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] ()
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-09-12] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1283072 2013-09-12] (Research In Motion Limited)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 TeamViewer8; D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
R2 TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-03-22] (TomTom)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2011-01-15] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-03] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-20] (Dell Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-27] (NVIDIA Corporation)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U2 SBKUPNT;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 18:32 - 2013-09-24 18:32 - 00000000 ____D C:\FRST
2013-09-24 18:31 - 2013-09-24 18:31 - 01955802 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2013-09-23 21:18 - 2013-09-23 21:18 - 00022197 _____ C:\ComboFix.txt
2013-09-23 21:12 - 2013-09-23 21:12 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-09-23 21:04 - 2013-09-23 21:18 - 00000000 ____D C:\ComboFix
2013-09-23 17:36 - 2013-09-23 17:37 - 01042066 _____ C:\Users\Michal\Desktop\adwcleaner.exe
2013-09-23 01:20 - 2013-09-23 01:20 - 00292144 _____ C:\Windows\Minidump\092313-13540-01.dmp
2013-09-22 22:07 - 2013-09-23 21:18 - 00000000 ____D C:\Qoobox
2013-09-22 22:07 - 2013-09-22 22:19 - 00000000 ____D C:\Windows\erdnt
2013-09-22 22:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-22 22:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-22 22:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-22 22:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-22 22:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-22 22:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-22 22:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-22 22:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-22 22:02 - 2013-09-22 22:02 - 00002368 _____ C:\Users\Michal\Desktop\Rkill.txt
2013-09-22 22:02 - 2013-09-22 22:02 - 00000000 ____D C:\Users\Michal\Desktop\rkill
2013-09-22 21:58 - 2013-09-23 20:40 - 05129279 ____R (Swearware) C:\Users\Michal\Desktop\ComboFix.exe
2013-09-22 21:58 - 2013-09-22 21:58 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Michal\Desktop\rkill.com
2013-09-22 21:46 - 2013-09-23 17:38 - 00000000 ____D C:\AdwCleaner
2013-09-22 20:48 - 2013-09-22 20:48 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-22 20:48 - 2013-09-22 20:48 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Malwarebytes
2013-09-22 20:48 - 2013-09-22 20:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-22 20:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-22 20:36 - 2013-09-22 20:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michal\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-22 20:34 - 2013-09-22 20:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-22 20:34 - 2013-09-22 20:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-22 20:33 - 2013-09-22 20:46 - 00000000 ____D C:\Users\Michal\Desktop\mbar
2013-09-22 20:32 - 2013-09-22 20:33 - 09804246 _____ (Malwarebytes Corp.) C:\Users\Michal\Downloads\mbar-1.07.0.1005(1).exe.part
2013-09-22 20:30 - 2013-09-22 20:31 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Michal\Desktop\mbar-1.07.0.1005.exe
2013-09-22 19:59 - 2013-09-22 19:59 - 00935175 _____ C:\Users\Michal\Downloads\RSITx64.exe
2013-09-22 19:44 - 2013-09-22 19:59 - 00000000 ____D C:\Program Files\trend micro
2013-09-22 19:44 - 2013-09-22 19:44 - 00000000 ____D C:\rsit
2013-09-22 19:31 - 2013-09-22 19:31 - 00000000 ____D C:\Users\Michal\Desktop\Původní data aplikace Firefox
2013-09-21 21:56 - 2013-09-21 21:56 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-09-21 21:18 - 2013-09-21 21:18 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-21 21:18 - 2013-09-21 21:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-21 20:43 - 2013-09-21 20:43 - 00167697 _____ C:\Users\Michal\Desktop\Protokoly událostí testů - Výchozí skenování.html
2013-09-21 20:30 - 2013-09-21 20:30 - 00003988 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-09-21 20:30 - 2013-09-21 20:30 - 00003198 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-09-21 19:54 - 2013-09-21 19:54 - 00000000 _____ C:\Windows\invcol.tmp
2013-09-21 19:22 - 2013-09-21 19:22 - 00000000 ____D C:\Users\Michal\Documents\Dell WebCam Central
2013-09-21 18:09 - 2013-09-22 18:44 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-09-21 18:09 - 2013-09-21 20:30 - 00000000 ____D C:\ProgramData\PCDr
2013-09-21 18:09 - 2013-09-21 18:09 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Dell
2013-09-21 18:09 - 2013-09-21 18:09 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-09-21 18:09 - 2013-09-21 18:09 - 00000000 ____D C:\Program Files\Dell Support Center
2013-09-21 18:08 - 2013-09-21 18:09 - 00000000 ____D C:\Program Files\My Dell
2013-09-21 18:07 - 2013-09-21 18:07 - 00000000 ____D C:\Users\Michal\AppData\Roaming\PCDr
2013-09-21 17:44 - 2013-09-21 17:45 - 00000000 ____D C:\Users\Hanka\Documents\Dell WebCam Central
2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\ProgramData\Creative
2013-09-19 18:56 - 2013-09-19 18:56 - 00000000 ____D C:\ProgramData\Oracle
2013-09-19 18:55 - 2013-09-19 18:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-19 18:55 - 2013-09-19 18:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-19 18:55 - 2013-09-19 18:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-19 18:55 - 2013-09-19 18:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-14 20:28 - 2013-09-14 20:28 - 05396992 _____ C:\Users\Michal\Desktop\2013-09-14_at_17-13_-_Mare__,_Otakar_-_Ne__por,_Vladim__r.avi
2013-09-14 20:28 - 2013-09-14 20:28 - 05384192 _____ C:\Users\Michal\Desktop\2013-09-14_at_17-12_-_Mare__,_Otakar_-_Ne__por,_Vladim__r.avi
2013-09-11 18:42 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 18:42 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 18:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 18:42 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 18:42 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 18:42 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 18:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 18:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 18:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 18:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 18:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 18:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 18:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 18:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 18:27 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 18:27 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 18:27 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 18:27 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 18:27 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 18:27 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 18:27 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 18:27 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 18:27 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 18:27 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 18:27 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 18:27 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 18:27 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 18:27 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 18:27 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 18:27 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 18:27 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 18:27 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 18:27 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 18:27 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 18:27 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 18:27 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 18:27 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 18:26 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 18:26 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 18:26 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 18:26 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 19:59 - 2013-09-07 19:59 - 00000000 ____D C:\Users\Hanka\Desktop\zoo
2013-08-30 14:12 - 2013-08-30 14:12 - 00000000 ____D C:\Users\Michal\Desktop\Contact X export
2013-08-30 02:01 - 2013-08-30 02:01 - 00020664 _____ C:\Users\Michal\Desktop\kontakty_outlook.vcf
2013-08-30 01:57 - 2013-08-30 01:57 - 00000000 ____D C:\Users\Michal\AppData\Roaming\MAPILab Ltd
2013-08-30 01:46 - 2013-08-30 01:47 - 00046080 _____ C:\Users\Michal\Desktop\kontakty_záloha_v1.xls
2013-08-30 01:46 - 2013-08-30 01:46 - 00000000 _____ C:\Users\Michal\Desktop\kontakty_záloha
2013-08-29 22:24 - 2013-08-30 01:47 - 00038424 _____ C:\Users\Michal\AppData\Roaming\Microsoft Excel.ADR
2013-08-29 22:24 - 2013-08-29 22:24 - 00042496 _____ C:\Users\Michal\Desktop\kontakty_záloha.xls
2013-08-27 13:11 - 2013-08-27 13:11 - 00293656 _____ C:\Windows\Minidump\082713-16161-01.dmp

==================== One Month Modified Files and Folders =======

2013-09-24 18:32 - 2013-09-24 18:32 - 00000000 ____D C:\FRST
2013-09-24 18:31 - 2013-09-24 18:31 - 01955802 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2013-09-24 18:31 - 2011-11-04 00:22 - 01311757 _____ C:\Windows\WindowsUpdate.log
2013-09-24 18:28 - 2012-07-10 13:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-24 18:27 - 2013-01-21 12:58 - 00050520 _____ C:\Windows\setupact.log
2013-09-24 18:27 - 2011-11-03 18:16 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-24 18:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 23:05 - 2009-07-14 06:45 - 00025040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 23:05 - 2009-07-14 06:45 - 00025040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 21:18 - 2013-09-23 21:18 - 00022197 _____ C:\ComboFix.txt
2013-09-23 21:18 - 2013-09-23 21:04 - 00000000 ____D C:\ComboFix
2013-09-23 21:18 - 2013-09-22 22:07 - 00000000 ____D C:\Qoobox
2013-09-23 21:12 - 2013-09-23 21:12 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-09-23 21:12 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-23 21:11 - 2013-03-18 21:35 - 00057332 _____ C:\Windows\PFRO.log
2013-09-23 20:40 - 2013-09-22 21:58 - 05129279 ____R (Swearware) C:\Users\Michal\Desktop\ComboFix.exe
2013-09-23 17:38 - 2013-09-22 21:46 - 00000000 ____D C:\AdwCleaner
2013-09-23 17:37 - 2013-09-23 17:36 - 01042066 _____ C:\Users\Michal\Desktop\adwcleaner.exe
2013-09-23 01:20 - 2013-09-23 01:20 - 00292144 _____ C:\Windows\Minidump\092313-13540-01.dmp
2013-09-23 01:20 - 2012-06-10 19:12 - 00000000 ____D C:\Windows\Minidump
2013-09-22 22:19 - 2013-09-22 22:07 - 00000000 ____D C:\Windows\erdnt
2013-09-22 22:15 - 2009-07-14 04:34 - 80740352 _____ C:\Windows\system32\config\software.bak
2013-09-22 22:15 - 2009-07-14 04:34 - 18350080 _____ C:\Windows\system32\config\system.bak
2013-09-22 22:15 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-09-22 22:15 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-09-22 22:15 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-22 22:02 - 2013-09-22 22:02 - 00002368 _____ C:\Users\Michal\Desktop\Rkill.txt
2013-09-22 22:02 - 2013-09-22 22:02 - 00000000 ____D C:\Users\Michal\Desktop\rkill
2013-09-22 21:58 - 2013-09-22 21:58 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Michal\Desktop\rkill.com
2013-09-22 20:48 - 2013-09-22 20:48 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-22 20:48 - 2013-09-22 20:48 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Malwarebytes
2013-09-22 20:48 - 2013-09-22 20:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-22 20:46 - 2013-09-22 20:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-22 20:46 - 2013-09-22 20:33 - 00000000 ____D C:\Users\Michal\Desktop\mbar
2013-09-22 20:37 - 2013-09-22 20:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michal\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-22 20:34 - 2013-09-22 20:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-22 20:33 - 2013-09-22 20:32 - 09804246 _____ (Malwarebytes Corp.) C:\Users\Michal\Downloads\mbar-1.07.0.1005(1).exe.part
2013-09-22 20:31 - 2013-09-22 20:30 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Michal\Desktop\mbar-1.07.0.1005.exe
2013-09-22 20:04 - 2011-11-09 20:29 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-22 19:59 - 2013-09-22 19:59 - 00935175 _____ C:\Users\Michal\Downloads\RSITx64.exe
2013-09-22 19:59 - 2013-09-22 19:44 - 00000000 ____D C:\Program Files\trend micro
2013-09-22 19:44 - 2013-09-22 19:44 - 00000000 ____D C:\rsit
2013-09-22 19:31 - 2013-09-22 19:31 - 00000000 ____D C:\Users\Michal\Desktop\Původní data aplikace Firefox
2013-09-22 18:44 - 2013-09-21 18:09 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-09-22 18:41 - 2011-11-10 22:26 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Skype
2013-09-22 00:19 - 2013-03-18 19:07 - 00000000 ____D C:\Users\Michal\AppData\Local\Deployment
2013-09-21 21:56 - 2013-09-21 21:56 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-09-21 21:56 - 2011-11-04 00:43 - 00000000 ____D C:\Program Files (x86)\Dell
2013-09-21 21:18 - 2013-09-21 21:18 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-21 21:18 - 2013-09-21 21:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-21 21:18 - 2011-11-10 22:22 - 00000000 ____D C:\ProgramData\Skype
2013-09-21 20:43 - 2013-09-21 20:43 - 00167697 _____ C:\Users\Michal\Desktop\Protokoly událostí testů - Výchozí skenování.html
2013-09-21 20:30 - 2013-09-21 20:30 - 00003988 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-09-21 20:30 - 2013-09-21 20:30 - 00003198 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-09-21 20:30 - 2013-09-21 18:09 - 00000000 ____D C:\ProgramData\PCDr
2013-09-21 20:30 - 2013-04-26 22:48 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-21 19:54 - 2013-09-21 19:54 - 00000000 _____ C:\Windows\invcol.tmp
2013-09-21 19:52 - 2010-11-21 11:27 - 00667498 _____ C:\Windows\system32\perfh005.dat
2013-09-21 19:52 - 2010-11-21 11:27 - 00140660 _____ C:\Windows\system32\perfc005.dat
2013-09-21 19:52 - 2009-07-14 07:13 - 01580048 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 19:39 - 2011-11-09 19:47 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Creative
2013-09-21 19:29 - 2011-11-20 13:08 - 00010752 _____ C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-21 19:22 - 2013-09-21 19:22 - 00000000 ____D C:\Users\Michal\Documents\Dell WebCam Central
2013-09-21 18:09 - 2013-09-21 18:09 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Dell
2013-09-21 18:09 - 2013-09-21 18:09 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-09-21 18:09 - 2013-09-21 18:09 - 00000000 ____D C:\Program Files\Dell Support Center
2013-09-21 18:09 - 2013-09-21 18:08 - 00000000 ____D C:\Program Files\My Dell
2013-09-21 18:07 - 2013-09-21 18:07 - 00000000 ____D C:\Users\Michal\AppData\Roaming\PCDr
2013-09-21 17:49 - 2011-11-11 01:24 - 00000000 ____D C:\Users\Hanka\AppData\Roaming\Skype
2013-09-21 17:45 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Hanka\Documents\Dell WebCam Central
2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\ProgramData\Creative
2013-09-21 17:06 - 2011-12-04 15:24 - 00000000 ____D C:\Users\Michal\AppData\Local\PokerStars
2013-09-19 18:56 - 2013-09-19 18:56 - 00000000 ____D C:\ProgramData\Oracle
2013-09-19 18:55 - 2013-09-19 18:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-19 18:55 - 2013-09-19 18:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-19 18:55 - 2013-09-19 18:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-19 18:55 - 2013-09-19 18:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-19 18:55 - 2012-06-24 15:30 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-19 18:55 - 2011-11-04 00:36 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-19 18:55 - 2011-11-04 00:36 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-18 22:23 - 2013-05-31 20:22 - 00001912 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2013-09-14 22:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 20:28 - 2013-09-14 20:28 - 05396992 _____ C:\Users\Michal\Desktop\2013-09-14_at_17-13_-_Mare__,_Otakar_-_Ne__por,_Vladim__r.avi
2013-09-14 20:28 - 2013-09-14 20:28 - 05384192 _____ C:\Users\Michal\Desktop\2013-09-14_at_17-12_-_Mare__,_Otakar_-_Ne__por,_Vladim__r.avi
2013-09-12 19:28 - 2011-11-09 19:47 - 00000000 ___RD C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 19:28 - 2011-11-09 19:46 - 00000000 ___RD C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 19:18 - 2011-11-10 09:57 - 00000000 ___RD C:\Users\Hanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 19:18 - 2011-11-10 09:57 - 00000000 ___RD C:\Users\Hanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 19:16 - 2009-07-14 06:45 - 00395512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 19:01 - 2013-06-01 11:07 - 00000000 ____D C:\Users\Michal\Documents\DDPB
2013-09-11 18:42 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-09-11 18:41 - 2013-07-11 22:35 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 18:37 - 2011-11-11 01:01 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 18:23 - 2012-04-04 17:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 18:23 - 2011-11-04 00:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 11:15 - 2011-11-04 00:56 - 00000000 ____D C:\ProgramData\Sonic
2013-09-07 19:59 - 2013-09-07 19:59 - 00000000 ____D C:\Users\Hanka\Desktop\zoo
2013-09-07 19:59 - 2013-01-28 21:54 - 00000000 ____D C:\Users\Hanka\Desktop\anet
2013-09-07 19:59 - 2012-05-29 09:09 - 00000000 ____D C:\Users\Hanka\Desktop\Emily
2013-08-30 14:54 - 2013-05-31 20:30 - 00000000 ____D C:\Users\Michal\Documents\Zigi
2013-08-30 14:12 - 2013-08-30 14:12 - 00000000 ____D C:\Users\Michal\Desktop\Contact X export
2013-08-30 09:48 - 2013-03-20 18:26 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-03-20 18:26 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-02-26 21:54 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2011-11-09 20:29 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2011-11-09 20:29 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2011-11-09 20:29 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2011-11-09 20:29 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2011-11-09 20:29 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-11-09 20:29 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2011-11-09 20:29 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 02:01 - 2013-08-30 02:01 - 00020664 _____ C:\Users\Michal\Desktop\kontakty_outlook.vcf
2013-08-30 01:57 - 2013-08-30 01:57 - 00000000 ____D C:\Users\Michal\AppData\Roaming\MAPILab Ltd
2013-08-30 01:56 - 2011-11-04 00:46 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-30 01:47 - 2013-08-30 01:46 - 00046080 _____ C:\Users\Michal\Desktop\kontakty_záloha_v1.xls
2013-08-30 01:47 - 2013-08-29 22:24 - 00038424 _____ C:\Users\Michal\AppData\Roaming\Microsoft Excel.ADR
2013-08-30 01:46 - 2013-08-30 01:46 - 00000000 _____ C:\Users\Michal\Desktop\kontakty_záloha
2013-08-29 22:42 - 2011-11-17 17:55 - 00000000 ____D C:\Users\Michal\AppData\Local\Research In Motion
2013-08-29 22:24 - 2013-08-29 22:24 - 00042496 _____ C:\Users\Michal\Desktop\kontakty_záloha.xls
2013-08-27 13:11 - 2013-08-27 13:11 - 00293656 _____ C:\Windows\Minidump\082713-16161-01.dmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-22 19:18

==================== End Of Log ============================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: VIR

#25 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [] - [x]

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope {E4E25770-2636-42B2-B86D-496BA75FB89A} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E4E25770-2636-42B2-B86D-496BA75FB89A} URL = 

S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U2 SBKUPNT;

2013-09-23 21:12 - 2013-09-23 21:12 - 00000000 _____ C:\Windows\SysWOW64\out.txt

Hosts:
CMD: shutdown /r /f /t 2
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#26 Příspěvek od Zigac »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by Michal at 2013-09-24 18:48:54 Run:1
Running from C:\Users\Michal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [] - [x]

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope {E4E25770-2636-42B2-B86D-496BA75FB89A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E4E25770-2636-42B2-B86D-496BA75FB89A} URL =

S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U2 SBKUPNT;

2013-09-23 21:12 - 2013-09-23 21:12 - 00000000 _____ C:\Windows\SysWOW64\out.txt

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4E25770-2636-42B2-B86D-496BA75FB89A} => Key deleted successfully.
HKCR\CLSID\{E4E25770-2636-42B2-B86D-496BA75FB89A} => Key not found.
catchme => Service deleted successfully.
CtClsFlt => Service deleted successfully.
RimUsb => Service deleted successfully.
SBKUPNT => Service deleted successfully.
Could not move "C:\Windows\SysWOW64\out.txt" => Scheduled to move on reboot.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

"C:\Windows\SysWOW64\out.txt" => File could not move.

==== End of Fixlog ====
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: VIR

#27 Příspěvek od vyosek »

Jak se chova PC :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#28 Příspěvek od Zigac »

složka "C:\Documents and Settings" je stále zamčená :(
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: VIR

#29 Příspěvek od vyosek »

Tak jeste jeden skript pro FRST, postup stejny

Kód: Vybrat vše

Start
Unlock:C:\Documents and Settings

Folder: C:\Documents and Settings
End
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zigac
Návštěvník
Návštěvník
Příspěvky: 69
Registrován: 24 pro 2010 10:14

Re: VIR

#30 Příspěvek od Zigac »

Jak dlouho může pracovat? Předtím to bylo hned, teď to furt píše, in progress a zelená linka běhá, ale přijde mi, že nic nedělá....
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“