
Completely virus-infected laptop :-(
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please help me with removing viruses. The PC seemed slow to me and crashed yesterday; now I have started AVAST and it runs terribly slowly and reports a virus in seemingly every file it has gone through so far (about 700 files so far at 0% of the scan completed - I don't know what virus it is, it hasn't finished yet, and if I stop it, I don't know how to find it in there). Yet the PC was completely restored last month (to factory state - it had multiple problems). I am attaching the log from RSIT. Thank you very much, Pavla
Logfile of random's system information tool 1.08 (written by random/random)
Run by Acer at 2014-04-15 09:35:31
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 221 GB (76%) free of 292 GB
Total RAM: 3765 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:35:46, on 15.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Acer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\a1b1de12-5d7b-428e-93b7-67e5acfbcbc1.exe /check
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1509574589-1064071742-3463816385-1003\..\Run: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized (User 'Martin a Pája')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9356 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 34764176
\??\C:\Windows\system32\conhost.exe "992609036754807059-13978795881641056191-534136441-4804463902043758794-900797460
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
"C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1232
"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
"C:\Program Files (x86)\BlueStacks\HD-Network.exe"
\??\C:\Windows\system32\conhost.exe "139866261344750322-38282500-549245254166672528776779273-1657295009-1743151880
"C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe"
\??\C:\Windows\system32\conhost.exe "2040029516-464714201-1251686181-1711955134-757278664-1584550406-19502452751636084082
"C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe"
\??\C:\Windows\system32\conhost.exe "-1291136533-10048675941261223480524376563932748042-15759936781985690911331001661
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
"C:\Users\Martin a Pája\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-04 724512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-04 597816]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-02-22 168944]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-02-22 394224]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-02-22 418800]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10 20922016]
"PoivY"=C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe [2014-02-12 19849008]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-04 3854640]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2014-03-13 819984]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"=C:\Program Files\AVAST Software\Avast\setup\emupdate\a1b1de12-5d7b-428e-93b7-67e5acfbcbc1.exe [2014-03-28 181136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-02-19 390144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2014-04-15 09:35:32 ----D---- C:\Program Files\trend micro
2014-04-15 09:35:31 ----D---- C:\rsit
2014-04-15 08:22:34 ----A---- C:\Windows\system32\mshtml.dll
2014-04-15 08:22:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-15 08:22:25 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-15 08:22:25 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-15 08:22:25 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-15 08:22:25 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-15 08:22:24 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-15 08:22:21 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-15 08:22:19 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-15 08:22:18 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-15 08:22:17 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-15 08:22:17 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-15 08:22:17 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-15 08:22:17 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-15 08:22:17 ----A---- C:\Windows\system32\wow64.dll
2014-04-15 08:22:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-15 08:22:16 ----A---- C:\Windows\system32\wow64win.dll
2014-04-15 08:22:16 ----A---- C:\Windows\system32\kernel32.dll
2014-04-15 08:22:15 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-13 10:22:13 ----D---- C:\ProgramData\McAfee
2014-04-10 19:33:32 ----D---- C:\ProgramData\Intel
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxtray.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxsrvc.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxpers.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxext.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\hkcmd.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\GfxUI.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\difx64.exe
2014-04-10 19:28:10 ----A---- C:\Windows\system32\igfxCoIn_v2993.dll
2014-04-10 19:28:09 ----A---- C:\Windows\SYSWOW64\iglhsip32.dll
2014-04-10 19:28:09 ----A---- C:\Windows\SYSWOW64\iglhcp32.dll
2014-04-10 19:28:09 ----A---- C:\Windows\system32\iglhsip64.dll
2014-04-10 19:28:09 ----A---- C:\Windows\system32\iglhcp64.dll
2014-04-10 19:28:09 ----A---- C:\Windows\system32\igfxTMM.dll
2014-04-10 19:28:08 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2014-04-10 19:28:08 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2014-04-10 19:28:08 ----A---- C:\Windows\SYSWOW64\igfxcmrt32.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxpph.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxexps.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxdo.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxdev.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxcmrt64.dll
2014-04-10 19:28:07 ----A---- C:\Windows\SYSWOW64\igfxcmjit32.dll
2014-04-10 19:28:07 ----A---- C:\Windows\system32\igfxcmjit64.dll
2014-04-10 19:28:07 ----A---- C:\Windows\system32\igdumd64.dll
2014-04-10 19:28:06 ----A---- C:\Windows\SYSWOW64\igd10umd32.dll
2014-04-10 19:28:06 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2014-04-10 19:28:05 ----A---- C:\Windows\system32\ig4icd64.dll
2014-04-10 19:28:05 ----A---- C:\Windows\system32\IccLibDll_x64.dll
2014-04-10 19:28:05 ----A---- C:\Windows\system32\GfxUI.exe.config
2014-04-10 19:28:05 ----A---- C:\Windows\system32\gfxSrvc.dll
2014-04-10 19:28:05 ----A---- C:\Windows\system32\drivers\IntcDAud.sys
2014-04-10 19:28:04 ----A---- C:\Windows\system32\IntcDAuC.dll
2014-04-10 19:17:29 ----D---- C:\ProgramData\BlueStacks
2014-04-10 19:17:29 ----D---- C:\Program Files (x86)\BlueStacks
2014-04-10 19:16:44 ----D---- C:\ProgramData\BlueStacksSetup
2014-03-30 17:39:08 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-03-30 17:39:08 ----A---- C:\Windows\system32\mstscax.dll
2014-03-27 13:12:38 ----D---- C:\FOTOKNIHY
2014-03-27 12:39:30 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-27 12:39:25 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-27 12:39:25 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-27 12:39:25 ----A---- C:\Windows\system32\tsgqec.dll
2014-03-27 12:39:25 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-03-27 12:39:24 ----A---- C:\Windows\system32\wksprtPS.dll
2014-03-27 12:39:24 ----A---- C:\Windows\system32\wksprt.exe
2014-03-27 12:39:24 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-03-27 12:39:24 ----A---- C:\Windows\system32\mstsc.exe
2014-03-27 12:39:24 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-03-27 12:39:23 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-03-27 12:39:23 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-03-27 12:38:04 ----D---- C:\Program Files\Microsoft Silverlight
2014-03-27 12:38:04 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-03-27 12:37:03 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-27 12:37:00 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys
2014-03-27 12:37:00 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2014-03-27 12:36:58 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2014-03-27 12:36:57 ----A---- C:\Windows\system32\rdpudd.dll
2014-03-27 12:36:57 ----A---- C:\Windows\system32\rdpendp_winip.dll
2014-03-27 12:36:57 ----A---- C:\Windows\system32\rdpcorets.dll
2014-03-27 12:33:45 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-03-27 12:33:45 ----A---- C:\Windows\system32\qdvd.dll
2014-03-27 12:33:43 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-03-27 12:33:43 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-03-22 22:09:46 ----D---- C:\foto-knihy
2014-03-19 22:46:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 months======
2014-04-15 09:35:45 ----D---- C:\Windows\Temp
2014-04-15 09:35:32 ----RD---- C:\Program Files
2014-04-15 08:45:23 ----D---- C:\Windows\system32\config
2014-04-15 08:40:46 ----SHD---- C:\System Volume Information
2014-04-15 08:33:55 ----RD---- C:\Program Files (x86)
2014-04-15 08:33:55 ----HD---- C:\ProgramData
2014-04-15 08:31:32 ----D---- C:\Windows\Prefetch
2014-04-15 08:30:20 ----D---- C:\Windows\winsxs
2014-04-15 08:30:10 ----A---- C:\Windows\SYSWOW64\log.txt
2014-04-15 08:28:35 ----D---- C:\Windows\SysWOW64
2014-04-15 08:28:35 ----D---- C:\Windows\System32
2014-04-15 08:28:34 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-15 08:28:34 ----D---- C:\Windows\system32\DriverStore
2014-04-15 08:28:34 ----D---- C:\Windows\system32\drivers
2014-04-15 08:28:34 ----D---- C:\Windows\system32\cs-CZ
2014-04-15 08:28:34 ----D---- C:\Windows\AppPatch
2014-04-15 08:27:41 ----SHD---- C:\Windows\Installer
2014-04-15 08:27:39 ----D---- C:\ProgramData\Microsoft Help
2014-04-15 08:27:14 ----D---- C:\Windows\system32\MRT
2014-04-15 08:24:17 ----A---- C:\Windows\system32\MRT.exe
2014-04-15 08:21:47 ----D---- C:\Windows\system32\catroot
2014-04-15 08:21:15 ----D---- C:\Windows\system32\catroot2
2014-04-13 10:22:09 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-10 19:40:38 ----D---- C:\Windows\Microsoft.NET
2014-04-10 19:33:36 ----D---- C:\Windows
2014-04-10 19:31:03 ----D---- C:\Program Files (x86)\Intel
2014-04-10 19:30:58 ----D---- C:\Windows\inf
2014-04-10 19:18:34 ----RSD---- C:\Windows\assembly
2014-04-04 21:45:03 ----D---- C:\Windows\rescache
2014-04-04 20:24:13 ----D---- C:\Windows\system32\Tasks
2014-04-04 20:23:58 ----A---- C:\Windows\system32\aswBoot.exe
2014-04-03 20:56:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-27 14:37:24 ----D---- C:\Windows\SYSWOW64\wbem
2014-03-27 14:37:24 ----D---- C:\Windows\SYSWOW64\en-US
2014-03-27 14:37:24 ----D---- C:\Windows\system32\wbem
2014-03-27 14:37:24 ----D---- C:\Windows\system32\drivers\en-US
2014-03-27 14:37:23 ----D---- C:\Windows\system32\en-US
2014-03-27 14:37:23 ----D---- C:\Windows\PolicyDefinitions
2014-03-27 12:39:18 ----SD---- C:\ProgramData\Microsoft
2014-03-27 12:36:41 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-03-23 15:45:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-23 10:14:45 ----D---- C:\Windows\system32\wdi
2014-03-22 22:12:16 ----A---- C:\Windows\SYSWOW64\FOTOKNIHY_FOTOKNIHY_uninstaller.exe
2014-03-20 00:25:33 ----RD---- C:\Users
2014-03-18 11:32:40 ----D---- C:\Windows\system32\drivers\UMDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-04 208928]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-04-04 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-04-04 423240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-04 79184]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-03-13 121616]
R3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-04-04 84816]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2014-03-06 3058168]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-02-19 12312928]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2009-12-31 1783296]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-26 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-26 102952]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-26 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-26 21544]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-04 50344]
R2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-03-13 402192]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-03-13 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-03-13 770832]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 952096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13 257712]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-19 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: completely virus-infected laptop :-(
Hello,
Do you remember what name Avast gave the detection?
Restart the PC and boot into Safe Mode with Networking.
In Safe Mode, run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand; it occasionally produces false detections.




If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often for now. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: completely virus-infected laptop :-(
I don't know anything from Avast - I didn't even let the scan finish, it was really insanely slow. There are no reports there. I'll run MBAM according to the guide. It occurred to me: could Avast itself have gone crazy?
Re: completely virus-infected laptop :-(
So the full MBAM scan in Safe Mode did not succeed; the computer shut down, twice. I tried the threat scan, and that one went through OK.
Re: completely virus-infected laptop :-(
And did it find anything?
Re: completely virus-infected laptop :-(
the log did not display on its own...
this is the log from the full scan, when the PC shut down during the file scan (and below is the one from the threat scan; I think it found nothing there):
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/04/16 07:55:51 +0200</date>
<log>mbam-log-2014-04-16 (07-47-40).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.04.16.03</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>trial</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Acer</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>272374</objects>
<time>490</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
--------------------
log from the threat scan:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/04/16 07:45:09 +0200</date>
<log>mbam-log-2014-04-16 (07-42-36).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.04.16.03</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>trial</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Acer</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>hyper</type>
<result>completed</result>
<objects>228886</objects>
<time>152</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>disabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
Re: completely virus-infected laptop :-(

Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator (Spustit jako spravce).
Click Scan and wait for the check to finish.
Then click Clean.
The program will start working (the PC may restart) and will produce a log (otherwise it will be at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

A very short test will run, and then the Scan (Prohledat) button in the upper right becomes available. Click it and another test will run.
When it finishes, click Report (Zprava) and a log will appear. Paste it here for me.
Re: completely virus-infected laptop :-(
here it is:
# AdwCleaner v3.023 - Report created 16/04/2014 at 12:20:53
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Acer - ACER-PC
# Running from : C:\Users\Martin a Pája\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v28.0 (cs)
[ File : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y9rwork.default\prefs.js ]
[ File : C:\Users\Martin a Pája\AppData\Roaming\Mozilla\Firefox\Profiles\1xq87yle.default\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ File : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Martin a Pája\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1180 octets] - [16/04/2014 12:19:54]
AdwCleaner[S0].txt - [1105 octets] - [16/04/2014 12:20:53]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1165 octets] ##########
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Acer [Práva správce]
Mód : Kontrola -- Datum : 04/16/2014 12:40:00
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
[Address] EAT @firefox.exe (DllMain) : wship6.dll -> HOOKED (C:\Windows\system32\napinsp.dll @ 0x6F9516E4)
[Address] EAT @firefox.exe (NSPStartup) : wship6.dll -> HOOKED (C:\Windows\system32\napinsp.dll @ 0x6F951D20)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-22A23T0 ATA Device +++++
--- User ---
[MBR] c89b842cfa66b73c0869ba40bb5a9074
[BSP] b3c562d07d7c08a406af53d0a4fa5b57 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 292143 MB
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_04162014_124000.txt >>
Re: completely virus-infected laptop :-(

A very short test will run, and then the Scan (Prohledat) button in the upper right becomes available. Click it and another test will run.
When it finishes, click Delete (Smazat).
Then click Report (Zprava) and a log will appear. Paste it here for me.
Then click Fix Host (Oprava Host) and Report (Zprava).
Another log will appear. Paste that one here too.

Turn off the antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator (Spustit jako spravce).
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here.

Re: completely virus-infected laptop :-(
RogueKiller for now, ComboFix later...
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Acer [Práva správce]
Mód : Odebrat -- Datum : 04/16/2014 13:08:24
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
[Address] EAT @firefox.exe (DllMain) : wship6.dll -> HOOKED (C:\Windows\system32\napinsp.dll @ 0x6F9516E4)
[Address] EAT @firefox.exe (NSPStartup) : wship6.dll -> HOOKED (C:\Windows\system32\napinsp.dll @ 0x6F951D20)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-22A23T0 ATA Device +++++
--- User ---
[MBR] c89b842cfa66b73c0869ba40bb5a9074
[BSP] b3c562d07d7c08a406af53d0a4fa5b57 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 292143 MB
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_04162014_130824.txt >>
RKreport[0]_D_04162014_130043.txt;RKreport[0]_S_04162014_124000.txt;RKreport[0]_S_04162014_130412.txt
-----------------------------------------------------
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Acer [Práva správce]
Mód : Oprava HOSTS -- Datum : 04/16/2014 13:09:31
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[0]_H_04162014_130931.txt >>
RKreport[0]_D_04162014_130043.txt;RKreport[0]_D_04162014_130824.txt;RKreport[0]_S_04162014_124000.txt
RKreport[0]_S_04162014_130412.txt
Re: completely virus-infected laptop :-(
combo fix:
ComboFix 14-04-12.01 - Acer 16.04.2014 13:18:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3765.1901 [GMT 2:00]
Spuštěný z: c:\users\Martin a Pßja\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-16 do 2014-04-16 )))))))))))))))))))))))))))))))
.
.
2014-04-16 11:25 . 2014-04-16 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-16 11:25 . 2014-04-16 11:25 -------- d-----w- c:\users\Acer\AppData\Local\temp
2014-04-16 10:46 . 2014-04-16 10:46 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A5BEDFF-D7BC-4A78-B38E-B68DD6E9037C}\offreg.dll
2014-04-16 10:19 . 2014-04-16 10:21 -------- d-----w- C:\AdwCleaner
2014-04-15 21:49 . 2014-04-16 05:40 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-15 21:48 . 2014-04-15 21:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-15 21:48 . 2014-04-15 21:48 -------- d-----w- c:\programdata\Malwarebytes
2014-04-15 21:48 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-15 21:48 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-15 21:48 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 07:35 . 2014-04-15 07:35 -------- d-----w- c:\program files\trend micro
2014-04-15 07:35 . 2014-04-15 07:35 -------- d-----w- C:\rsit
2014-04-15 06:27 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A5BEDFF-D7BC-4A78-B38E-B68DD6E9037C}\mpengine.dll
2014-04-13 08:22 . 2014-04-13 08:22 -------- d-----w- c:\programdata\McAfee
2014-04-10 17:33 . 2014-04-10 17:33 -------- d-----w- c:\programdata\Intel
2014-04-10 17:17 . 2014-04-10 17:17 -------- d-----w- c:\programdata\BlueStacks
2014-04-10 17:17 . 2014-04-10 17:17 -------- d-----w- c:\program files (x86)\BlueStacks
2014-04-10 17:16 . 2014-04-10 17:16 -------- d-----w- c:\users\Acer\AppData\Local\Bluestacks
2014-04-05 19:53 . 2014-04-05 19:53 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{B6C2DD43-7546-4E41-B25E-CEA8C49C9B9F}
2014-04-04 18:23 . 2014-04-04 18:23 43152 ----a-w- c:\windows\avastSS.scr
2014-04-02 19:43 . 2014-04-02 19:44 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{B01432EC-5496-421F-B9E2-AE65CAE7C4BC}
2014-03-31 19:22 . 2014-03-31 19:22 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{A028B7B0-F91D-46FB-A3C5-438933ADD3FE}
2014-03-30 15:39 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-30 15:39 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-03-27 15:53 . 2014-03-27 15:53 -------- d-----w- c:\users\Acer\AppData\Local\ElevatedDiagnostics
2014-03-27 11:12 . 2014-03-27 11:12 -------- d-----w- C:\FOTOKNIHY
2014-03-27 10:38 . 2014-04-01 15:04 -------- d-----w- c:\program files\Microsoft Silverlight
2014-03-27 10:38 . 2014-04-01 15:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-03-27 10:37 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-03-27 10:37 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-03-27 10:37 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-03-27 10:36 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-03-27 10:36 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-03-27 10:36 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-03-27 10:36 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-03-27 10:33 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-03-27 10:33 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-03-27 10:33 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-27 10:33 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-03-27 09:36 . 2014-03-27 09:36 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{DDC6723C-8BE0-4D0C-97D8-DD1976DC956C}
2014-03-26 07:53 . 2014-03-26 07:53 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{7DA9C260-9F12-4AAB-985C-CBEE6E5121E3}
2014-03-25 16:50 . 2014-03-25 16:51 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{3351B2FE-65B5-4344-823C-04B00858B223}
2014-03-24 22:15 . 2014-03-24 22:15 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{BA9246A7-D422-41AF-97B4-70291858AE29}
2014-03-23 17:35 . 2014-03-23 17:35 -------- d-----w- c:\users\Martin a Pája\AppData\Roaming\IrfanView
2014-03-23 15:00 . 2014-03-23 15:00 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{FC9D2C00-D68F-4DEA-AF21-431D20609CAF}
2014-03-22 20:09 . 2014-03-27 10:20 -------- d-----w- C:\foto-knihy
2014-03-22 20:04 . 2014-03-22 20:06 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{F5079434-A710-4611-A14E-D98561D1F547}
2014-03-22 20:04 . 2014-03-22 20:04 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{6DECDE6B-8D57-4916-AC4A-6679AEAFD423}
2014-03-18 09:33 . 2014-03-18 09:33 -------- d-----w- c:\users\Martin a Pája\AppData\Roaming\CANON INC
2014-03-18 09:20 . 2014-03-18 09:20 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{D9B18A99-9F78-423C-94D9-8449818A8A3F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-15 06:24 . 2014-03-06 19:46 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-13 08:22 . 2014-03-06 13:51 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-13 08:22 . 2014-03-06 13:51 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-04 18:23 . 2014-03-06 17:09 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-04 18:23 . 2014-03-06 17:09 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-04 18:23 . 2014-03-06 17:09 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-04 18:23 . 2014-03-06 17:09 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-04 18:23 . 2014-03-06 17:09 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-04 18:23 . 2014-03-06 17:09 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-04 18:23 . 2014-03-06 17:09 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-04 18:23 . 2014-03-06 17:09 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-22 20:12 . 2014-03-06 22:32 19727741 ----a-w- c:\windows\SysWow64\FOTOKNIHY_FOTOKNIHY_uninstaller.exe
2014-03-12 16:10 . 2014-03-12 16:10 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-08 02:06 . 2014-03-08 02:06 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-08 02:06 . 2014-03-08 02:06 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-08 02:06 . 2014-03-08 02:06 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-08 02:06 . 2014-03-08 02:06 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-08 02:06 . 2014-03-08 02:06 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-08 02:06 . 2014-03-08 02:06 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-03-08 02:06 . 2014-03-08 02:06 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-08 02:06 . 2014-03-08 02:06 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-08 02:06 . 2014-03-08 02:06 774144 ----a-w- c:\windows\system32\jscript.dll
2014-03-08 02:06 . 2014-03-08 02:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-08 02:06 . 2014-03-08 02:06 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-08 02:06 . 2014-03-08 02:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-08 02:06 . 2014-03-08 02:06 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-03-08 02:06 . 2014-03-08 02:06 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-08 02:06 . 2014-03-08 02:06 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-08 02:06 . 2014-03-08 02:06 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-03-08 02:06 . 2014-03-08 02:06 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-08 02:06 . 2014-03-08 02:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-08 02:06 . 2014-03-08 02:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-08 02:06 . 2014-03-08 02:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-08 02:06 . 2014-03-08 02:06 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-03-08 02:06 . 2014-03-08 02:06 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-08 02:06 . 2014-03-08 02:06 413696 ----a-w- c:\windows\system32\html.iec
2014-03-08 02:06 . 2014-03-08 02:06 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-08 02:06 . 2014-03-08 02:06 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-08 02:06 . 2014-03-08 02:06 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-08 02:06 . 2014-03-08 02:06 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-03-08 02:06 . 2014-03-08 02:06 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-08 02:06 . 2014-03-08 02:06 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-08 02:06 . 2014-03-08 02:06 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-08 02:06 . 2014-03-08 02:06 247808 ----a-w- c:\windows\system32\msls31.dll
2014-03-08 02:06 . 2014-03-08 02:06 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-08 02:06 . 2014-03-08 02:06 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-08 02:06 . 2014-03-08 02:06 235520 ----a-w- c:\windows\system32\url.dll
2014-03-08 02:06 . 2014-03-08 02:06 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-03-08 02:06 . 2014-03-08 02:06 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-08 02:06 . 2014-03-08 02:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-08 02:06 . 2014-03-08 02:06 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-08 02:06 . 2014-03-08 02:06 147968 ----a-w- c:\windows\system32\occache.dll
2014-03-08 02:06 . 2014-03-08 02:06 143872 ----a-w- c:\windows\system32\wextract.exe
2014-03-08 02:06 . 2014-03-08 02:06 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-08 02:06 . 2014-03-08 02:06 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-08 02:06 . 2014-03-08 02:06 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-03-08 02:06 . 2014-03-08 02:06 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-08 02:06 . 2014-03-08 02:06 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-08 02:06 . 2014-03-08 02:06 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-08 02:06 . 2014-03-08 02:06 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-08 02:06 . 2014-03-08 02:06 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-08 02:06 . 2014-03-08 02:06 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-08 02:06 . 2014-03-08 02:06 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-08 02:06 . 2014-03-08 02:06 101376 ----a-w- c:\windows\system32\inseng.dll
2014-03-06 22:42 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-06 18:22 . 2014-03-06 18:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-06 18:22 . 2014-03-06 18:22 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-06 18:22 . 2014-03-06 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-03-06 18:22 . 2014-03-06 18:22 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-03-06 18:22 . 2014-03-06 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-06 18:22 . 2014-03-06 18:22 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-03-06 18:22 . 2014-03-06 18:22 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-06 18:22 . 2014-03-06 18:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-03-06 18:22 . 2014-03-06 18:22 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-06 18:22 . 2014-03-06 18:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-03-06 18:22 . 2014-03-06 18:22 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-06 18:22 . 2014-03-06 18:22 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-03-06 18:22 . 2014-03-06 18:22 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-03-06 18:22 . 2014-03-06 18:22 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-06 18:22 . 2014-03-06 18:22 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-03-06 18:22 . 2014-03-06 18:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-06 18:22 . 2014-03-06 18:22 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
"PoivY"="c:\program files (x86)\PoivY.com\PoivY\PoivY.exe" [2014-02-12 19849008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-04 3854640]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-03-13 819984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\a1b1de12-5d7b-428e-93b7-67e5acfbcbc1.exe" [2014-03-28 181136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 05:13 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-06 08:22]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 17:09]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 17:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-04 18:23 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 81.90.240.1 81.90.240.2
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y9rwork.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-FOTOKNIHY_FOTOKNIHY - c:\windows\system32\FOTOKNIHY_FOTOKNIHY_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-04-16 13:29:01
ComboFix-quarantined-files.txt 2014-04-16 11:29
.
Před spuštěním: Volných bajtů: 231 324 876 800
Po spuštění: Volných bajtů: 231 523 758 080
.
- - End Of File - - F01E1A6A0625BEC2D4A4EAE2C2002EB3
A36C5E4F47E84449FF07ED3517B43A31
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\a1b1de12-5d7b-428e-93b7-67e5acfbcbc1.exe" [2014-03-28 181136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 05:13 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-06 08:22]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 17:09]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 17:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-04 18:23 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 81.90.240.1 81.90.240.2
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y9rwork.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-FOTOKNIHY_FOTOKNIHY - c:\windows\system32\FOTOKNIHY_FOTOKNIHY_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-04-16 13:29:01
ComboFix-quarantined-files.txt 2014-04-16 11:29
.
Před spuštěním: Volných bajtů: 231 324 876 800
Po spuštění: Volných bajtů: 231 523 758 080
.
- - End Of File - - F01E1A6A0625BEC2D4A4EAE2C2002EB3
A36C5E4F47E84449FF07ED3517B43A31
Re: completely virus-ridden laptop :-(
So far none of the programs reports any major infection.
Move ComboFix directly to drive C (so that its path is c:\ComboFix.exe)!
Open Notepad and copy this script into it.
In the top left, click File.
Click Save As...
Type the name shown in red, CFScript, correctly and save it directly to C as well (so that its path is c:\CFScript.txt).
Turn off your antivirus and any other security software.
Drag this newly created text document onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.
If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine.



Code:
KillAll::
Folder::
c:\programdata\McAfee
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Driver::
SkypeUpdate
Reboot::


If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: completely virus-ridden laptop :-(
ComboFix log below. So should I rather reinstall avast?
ComboFix 14-04-12.01 - Acer 16.04.2014 21:57:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3765.1752 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\McUICnt\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release\SecurityScan_Release000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\SecurityScanner\McUicnt\McUicnt000.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-16 do 2014-04-16 )))))))))))))))))))))))))))))))
.
.
2014-04-16 20:09 . 2014-04-16 21:54 -------- d-----w- c:\users\Acer\AppData\Local\temp
2014-04-16 10:19 . 2014-04-16 10:21 -------- d-----w- C:\AdwCleaner
2014-04-15 21:49 . 2014-04-16 21:53 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-15 21:48 . 2014-04-15 21:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-15 21:48 . 2014-04-15 21:48 -------- d-----w- c:\programdata\Malwarebytes
2014-04-15 21:48 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-15 21:48 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-15 21:48 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 07:35 . 2014-04-15 07:35 -------- d-----w- c:\program files\trend micro
2014-04-15 07:35 . 2014-04-15 07:35 -------- d-----w- C:\rsit
2014-04-15 06:27 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A5BEDFF-D7BC-4A78-B38E-B68DD6E9037C}\mpengine.dll
2014-04-10 17:33 . 2014-04-10 17:33 -------- d-----w- c:\programdata\Intel
2014-04-10 17:17 . 2014-04-10 17:17 -------- d-----w- c:\programdata\BlueStacks
2014-04-10 17:17 . 2014-04-10 17:17 -------- d-----w- c:\program files (x86)\BlueStacks
2014-04-10 17:16 . 2014-04-10 17:16 -------- d-----w- c:\users\Acer\AppData\Local\Bluestacks
2014-04-05 19:53 . 2014-04-05 19:53 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{B6C2DD43-7546-4E41-B25E-CEA8C49C9B9F}
2014-04-04 18:23 . 2014-04-04 18:23 43152 ----a-w- c:\windows\avastSS.scr
2014-04-02 19:43 . 2014-04-02 19:44 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{B01432EC-5496-421F-B9E2-AE65CAE7C4BC}
2014-03-31 19:22 . 2014-03-31 19:22 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{A028B7B0-F91D-46FB-A3C5-438933ADD3FE}
2014-03-30 15:39 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-30 15:39 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-03-27 15:53 . 2014-03-27 15:53 -------- d-----w- c:\users\Acer\AppData\Local\ElevatedDiagnostics
2014-03-27 11:12 . 2014-03-27 11:12 -------- d-----w- C:\FOTOKNIHY
2014-03-27 10:38 . 2014-04-01 15:04 -------- d-----w- c:\program files\Microsoft Silverlight
2014-03-27 10:38 . 2014-04-01 15:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-03-27 10:37 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-03-27 10:37 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-03-27 10:37 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-03-27 10:36 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-03-27 10:36 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-03-27 10:36 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-03-27 10:36 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-03-27 10:33 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-03-27 10:33 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-03-27 10:33 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-27 10:33 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-03-27 09:36 . 2014-03-27 09:36 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{DDC6723C-8BE0-4D0C-97D8-DD1976DC956C}
2014-03-26 07:53 . 2014-03-26 07:53 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{7DA9C260-9F12-4AAB-985C-CBEE6E5121E3}
2014-03-25 16:50 . 2014-03-25 16:51 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{3351B2FE-65B5-4344-823C-04B00858B223}
2014-03-24 22:15 . 2014-03-24 22:15 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{BA9246A7-D422-41AF-97B4-70291858AE29}
2014-03-23 17:35 . 2014-03-23 17:35 -------- d-----w- c:\users\Martin a Pája\AppData\Roaming\IrfanView
2014-03-23 15:00 . 2014-03-23 15:00 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{FC9D2C00-D68F-4DEA-AF21-431D20609CAF}
2014-03-22 20:09 . 2014-03-27 10:20 -------- d-----w- C:\foto-knihy
2014-03-22 20:04 . 2014-03-22 20:06 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{F5079434-A710-4611-A14E-D98561D1F547}
2014-03-22 20:04 . 2014-03-22 20:04 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{6DECDE6B-8D57-4916-AC4A-6679AEAFD423}
2014-03-18 09:33 . 2014-03-18 09:33 -------- d-----w- c:\users\Martin a Pája\AppData\Roaming\CANON INC
2014-03-18 09:20 . 2014-03-18 09:20 -------- d-----w- c:\users\Martin a Pája\AppData\Local\{D9B18A99-9F78-423C-94D9-8449818A8A3F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-15 06:24 . 2014-03-06 19:46 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-13 08:22 . 2014-03-06 13:51 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-13 08:22 . 2014-03-06 13:51 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-04 18:23 . 2014-03-06 17:09 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-04 18:23 . 2014-03-06 17:09 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-04 18:23 . 2014-03-06 17:09 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-04 18:23 . 2014-03-06 17:09 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-04 18:23 . 2014-03-06 17:09 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-04 18:23 . 2014-03-06 17:09 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-04 18:23 . 2014-03-06 17:09 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-04 18:23 . 2014-03-06 17:09 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-22 20:12 . 2014-03-06 22:32 19727741 ----a-w- c:\windows\SysWow64\FOTOKNIHY_FOTOKNIHY_uninstaller.exe
2014-03-12 16:10 . 2014-03-12 16:10 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-08 02:06 . 2014-03-08 02:06 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-08 02:06 . 2014-03-08 02:06 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-08 02:06 . 2014-03-08 02:06 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-08 02:06 . 2014-03-08 02:06 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-08 02:06 . 2014-03-08 02:06 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-08 02:06 . 2014-03-08 02:06 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-03-08 02:06 . 2014-03-08 02:06 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-08 02:06 . 2014-03-08 02:06 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-08 02:06 . 2014-03-08 02:06 774144 ----a-w- c:\windows\system32\jscript.dll
2014-03-08 02:06 . 2014-03-08 02:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-08 02:06 . 2014-03-08 02:06 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-08 02:06 . 2014-03-08 02:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-08 02:06 . 2014-03-08 02:06 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-03-08 02:06 . 2014-03-08 02:06 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-08 02:06 . 2014-03-08 02:06 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-08 02:06 . 2014-03-08 02:06 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-03-08 02:06 . 2014-03-08 02:06 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-08 02:06 . 2014-03-08 02:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-08 02:06 . 2014-03-08 02:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-08 02:06 . 2014-03-08 02:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-08 02:06 . 2014-03-08 02:06 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-03-08 02:06 . 2014-03-08 02:06 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-08 02:06 . 2014-03-08 02:06 413696 ----a-w- c:\windows\system32\html.iec
2014-03-08 02:06 . 2014-03-08 02:06 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-08 02:06 . 2014-03-08 02:06 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-08 02:06 . 2014-03-08 02:06 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-08 02:06 . 2014-03-08 02:06 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-03-08 02:06 . 2014-03-08 02:06 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-08 02:06 . 2014-03-08 02:06 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-08 02:06 . 2014-03-08 02:06 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-08 02:06 . 2014-03-08 02:06 247808 ----a-w- c:\windows\system32\msls31.dll
2014-03-08 02:06 . 2014-03-08 02:06 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-08 02:06 . 2014-03-08 02:06 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-08 02:06 . 2014-03-08 02:06 235520 ----a-w- c:\windows\system32\url.dll
2014-03-08 02:06 . 2014-03-08 02:06 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-03-08 02:06 . 2014-03-08 02:06 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-08 02:06 . 2014-03-08 02:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-08 02:06 . 2014-03-08 02:06 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-08 02:06 . 2014-03-08 02:06 147968 ----a-w- c:\windows\system32\occache.dll
2014-03-08 02:06 . 2014-03-08 02:06 143872 ----a-w- c:\windows\system32\wextract.exe
2014-03-08 02:06 . 2014-03-08 02:06 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-08 02:06 . 2014-03-08 02:06 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-08 02:06 . 2014-03-08 02:06 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-03-08 02:06 . 2014-03-08 02:06 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-08 02:06 . 2014-03-08 02:06 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-08 02:06 . 2014-03-08 02:06 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-08 02:06 . 2014-03-08 02:06 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-08 02:06 . 2014-03-08 02:06 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-08 02:06 . 2014-03-08 02:06 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-08 02:06 . 2014-03-08 02:06 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-08 02:06 . 2014-03-08 02:06 101376 ----a-w- c:\windows\system32\inseng.dll
2014-03-06 22:42 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-06 18:22 . 2014-03-06 18:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-06 18:22 . 2014-03-06 18:22 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-06 18:22 . 2014-03-06 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-03-06 18:22 . 2014-03-06 18:22 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-03-06 18:22 . 2014-03-06 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-06 18:22 . 2014-03-06 18:22 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-03-06 18:22 . 2014-03-06 18:22 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-06 18:22 . 2014-03-06 18:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-06 18:22 . 2014-03-06 18:22 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-03-06 18:22 . 2014-03-06 18:22 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-06 18:22 . 2014-03-06 18:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-03-06 18:22 . 2014-03-06 18:22 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-06 18:22 . 2014-03-06 18:22 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-03-06 18:22 . 2014-03-06 18:22 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-03-06 18:22 . 2014-03-06 18:22 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-06 18:22 . 2014-03-06 18:22 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-03-06 18:22 . 2014-03-06 18:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-06 18:22 . 2014-03-06 18:22 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PoivY"="c:\program files (x86)\PoivY.com\PoivY\PoivY.exe" [2014-02-12 19849008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-04 3854640]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-03-13 819984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 05:13 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-06 08:22]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 17:09]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 17:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-04 18:23 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 81.90.240.1 81.90.240.2
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y9rwork.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-FOTOKNIHY_FOTOKNIHY - c:\windows\system32\FOTOKNIHY_FOTOKNIHY_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\BlueStacks\HD-Service.exe
c:\program files (x86)\BlueStacks\HD-Network.exe
c:\program files (x86)\BlueStacks\HD-BlockDevice.exe
c:\program files (x86)\BlueStacks\HD-SharedFolder.exe
.
**************************************************************************
.
Celkový čas: 2014-04-16 23:57:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-16 21:57
ComboFix2.txt 2014-04-16 11:29
.
Před spuštěním: Volných bajtů: 231 464 681 472
Po spuštění: Volných bajtů: 231 176 929 280
.
- - End Of File - - 3E76D447716D57F372B36E222F8FD99B
A36C5E4F47E84449FF07ED3517B43A31
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\BlueStacks\HD-Service.exe
c:\program files (x86)\BlueStacks\HD-Network.exe
c:\program files (x86)\BlueStacks\HD-BlockDevice.exe
c:\program files (x86)\BlueStacks\HD-SharedFolder.exe
.
**************************************************************************
.
Celkový čas: 2014-04-16 23:57:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-16 21:57
ComboFix2.txt 2014-04-16 11:29
.
Před spuštěním: Volných bajtů: 231 464 681 472
Po spuštění: Volných bajtů: 231 176 929 280
.
- - End Of File - - 3E76D447716D57F372B36E222F8FD99B
A36C5E4F47E84449FF07ED3517B43A31
Re: completely virus-infested laptop :-(
Try running Avast's quick scan. I need to know what it doesn't like and verify it. Once we've verified that vermin, we can clean the machine of the things slowing it down and other unnecessary stuff.
Pavla V. wrote: So should I rather reinstall Avast?

Oh, and turn Windows Defender off permanently. It runs completely needlessly and just eats memory.
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
Re: completely virus-infested laptop :-(
So the Avast quick scan is OK.
But records of old scans showed up there that weren't there before! Including the unfinished one with the viruses.
So I'm attaching the beginning of the report as an image. There are about 800 of those files in it, up to the point where I turned it off.
Attachment: avast.jpg (40.82 KiB)