PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Probably a keylogger, please check

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
fito333
Guest
Posts: 4
Registered: 26 Jul 2014 18:14


#1 Post by fito333 »

Today I probably downloaded a keylogger in something, because I can't log in to 3 different accounts, each of which has a different password.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2014-07-26 19:16:40
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 41 GB (36%) free of 114 GB
Total RAM: 8120 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:45, on 26.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.100\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://the-west.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PATHPILOT] D:\Kat MP3 Recorder\Kat MP3 Recorder.exe
O4 - HKLM\..\Run: [amd_dc_opt] D:\2K Games\BioShock\amd_dc_opt.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Michal\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series.lnk = ?
O4 - Global Startup: iSCTsysTray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10138 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe" updateandrun lol_launcher LoLLauncher.exe
LoLLauncher.exe
"C:/Riot Games/League of Legends/RADS/projects/lol_air_client/releases/0.0.1.100/deploy/LolClient.exe" -runtime .\ -nodebug META-INF\AIR\application.xml .\ -- 8393
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3168.0.843977148\519013306" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16 --gpu-vendor-id=0x1002 --gpu-device-id=0x6798 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.101.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_41/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="3168.2.1070124108\804213696" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_41/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="3168.5.503879753\1889742669" /prefetch:673131151
"D:\WinRAR\WinRAR.exe" "C:\Users\Michal\Desktop\Downloads\tdsskiller.zip"
taskeng.exe {1BE1BBEA-E2CB-46D8-97AC-C087F7433CED}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_41/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="3168.17.849645598\283989800" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe20_ Global\UsGthrCtrlFltPipeMssGthrPipe20 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Michal\Desktop\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-06-27 7191768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Akamai NetSession Interface"=C:\Users\Michal\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-04-26 292848]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-06-04 676608]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-05-17 134616]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY []
"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2014-04-01 2007392]
""= []
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]
"PATHPILOT"=D:\Kat MP3 Recorder\Kat MP3 Recorder.exe []
"amd_dc_opt"=D:\2K Games\BioShock\amd_dc_opt.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
iSCTsysTray.lnk - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series.lnk - C:\Windows\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-07-26 19:16:40 ----D---- C:\rsit
2014-07-26 19:16:40 ----D---- C:\Program Files\trend micro
2014-07-26 19:12:25 ----A---- C:\TDSSKiller.3.0.0.16_26.07.2014_19.12.25_log.txt
2014-07-26 15:31:03 ----D---- C:\Users\Michal\AppData\Roaming\dclogs
2014-07-16 20:42:54 ----D---- C:\Users\Michal\AppData\Roaming\Leadertech
2014-07-16 14:44:43 ----D---- C:\ProgramData\Riot Games
2014-07-10 07:31:21 ----A---- C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-09 18:39:47 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-07-09 18:39:47 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-07-09 18:39:47 ----A---- C:\Windows\system32\win32k.sys
2014-07-09 18:39:47 ----A---- C:\Windows\system32\qedit.dll
2014-07-09 18:39:47 ----A---- C:\Windows\system32\osk.exe
2014-07-09 18:39:47 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-09 18:39:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-07-09 18:39:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-07-09 18:39:46 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-07-09 18:39:46 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-07-09 18:39:46 ----A---- C:\Windows\system32\wdigest.dll
2014-07-09 18:39:46 ----A---- C:\Windows\system32\TSpkg.dll
2014-07-09 18:39:46 ----A---- C:\Windows\system32\schannel.dll
2014-07-09 18:39:46 ----A---- C:\Windows\system32\ncrypt.dll
2014-07-09 18:39:46 ----A---- C:\Windows\system32\msv1_0.dll
2014-07-09 18:39:46 ----A---- C:\Windows\system32\kerberos.dll
2014-07-09 18:39:45 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-07-09 18:39:45 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-07-09 18:39:45 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-07-09 18:39:45 ----A---- C:\Windows\system32\credssp.dll
2014-07-09 18:39:44 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-09 18:39:44 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-07-09 18:39:44 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-07-09 18:39:44 ----A---- C:\Windows\system32\iernonce.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-07-09 18:39:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-07-09 18:39:43 ----A---- C:\Windows\system32\urlmon.dll
2014-07-09 18:39:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 18:39:43 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-09 18:39:43 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-09 18:39:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-07-09 18:39:42 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-07-09 18:39:42 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-09 18:39:42 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-07-09 18:39:42 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-07-09 18:39:42 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-09 18:39:42 ----A---- C:\Windows\system32\iesetup.dll
2014-07-09 18:39:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 18:39:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-09 18:39:42 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-09 18:39:42 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-09 18:39:41 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-07-09 18:39:41 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-09 18:39:41 ----A---- C:\Windows\system32\iertutil.dll
2014-07-09 18:39:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-09 18:39:40 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-09 18:39:40 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-09 18:39:40 ----A---- C:\Windows\system32\jscript9.dll
2014-07-09 18:39:40 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-09 18:39:40 ----A---- C:\Windows\system32\ieui.dll
2014-07-09 18:39:40 ----A---- C:\Windows\system32\ieframe.dll
2014-07-09 18:39:40 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-09 18:39:39 ----A---- C:\Windows\system32\wininet.dll
2014-07-09 18:39:39 ----A---- C:\Windows\system32\vbscript.dll
2014-07-09 18:39:39 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 18:39:39 ----A---- C:\Windows\system32\msrating.dll
2014-07-09 18:39:39 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-09 18:39:39 ----A---- C:\Windows\system32\mshtml.dll
2014-07-09 18:39:39 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-09 18:39:02 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-09 18:39:01 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-07-09 18:39:01 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-07-08 21:29:31 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-07-02 17:04:31 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2014-07-02 16:55:13 ----D---- C:\Users\Michal\AppData\Roaming\AVG
2014-07-02 16:55:05 ----D---- C:\ProgramData\AVG
2014-07-02 16:55:03 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 16:54:32 ----D---- C:\Users\Michal\AppData\Roaming\OpenCandy
2014-07-02 16:53:20 ----D---- C:\Windows\Freecorder
2014-07-02 16:49:36 ----A---- C:\Windows\SYSWOW64\NCTAudioVisualization2.dll
2014-07-02 16:49:36 ----A---- C:\Windows\SYSWOW64\NCTAudioRecord2.dll
2014-07-02 16:49:36 ----A---- C:\Windows\SYSWOW64\NCTAudioFile2.dll
2014-07-02 16:49:36 ----A---- C:\Windows\SYSWOW64\msvcr70.dll
2014-06-30 16:20:02 ----A---- C:\Windows\SYSWOW64\MSVCR71.DLL
2014-06-30 16:20:02 ----A---- C:\Windows\SYSWOW64\MSVCP71.DLL
2014-06-30 16:20:02 ----A---- C:\Windows\SYSWOW64\MFC71U.DLL
2014-06-30 16:20:02 ----A---- C:\Windows\SYSWOW64\MFC71.DLL
2014-06-30 16:20:02 ----A---- C:\Windows\SYSWOW64\ATL71.DLL
2014-06-29 18:35:22 ----D---- C:\Program Files (x86)\Quake Live
2014-06-27 12:25:02 ----D---- C:\Users\Michal\AppData\Roaming\vlc

======List of files/folders modified in the last 1 month======

2014-07-26 19:16:42 ----D---- C:\Windows\Temp
2014-07-26 19:16:40 ----RD---- C:\Program Files
2014-07-26 19:12:32 ----D---- C:\Windows\system32\drivers
2014-07-26 19:08:37 ----D---- C:\Windows
2014-07-26 16:26:38 ----D---- C:\Windows\system32\config
2014-07-26 16:19:29 ----D---- C:\Windows\System32
2014-07-26 16:19:29 ----D---- C:\Windows\inf
2014-07-26 16:19:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-26 14:32:44 ----D---- C:\Users\Michal\AppData\Roaming\TS3Client
2014-07-25 05:34:56 ----D---- C:\Program Files\Microsoft Silverlight
2014-07-25 05:34:56 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 22:49:23 ----SHD---- C:\Windows\Installer
2014-07-24 22:48:46 ----SHD---- C:\System Volume Information
2014-07-18 20:34:57 ----RSD---- C:\Windows\assembly
2014-07-18 20:32:28 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2014-07-18 19:01:33 ----D---- C:\Windows\rescache
2014-07-16 20:43:04 ----D---- C:\Windows\SysWOW64
2014-07-16 20:41:36 ----D---- C:\Windows\system32\catroot2
2014-07-16 20:41:36 ----D---- C:\Windows\Logs
2014-07-16 20:40:51 ----D---- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
2014-07-16 14:44:43 ----HD---- C:\ProgramData
2014-07-10 07:31:24 ----D---- C:\Windows\winsxs
2014-07-10 07:30:55 ----D---- C:\Windows\SYSWOW64\Dism
2014-07-10 07:30:55 ----D---- C:\Windows\system32\Dism
2014-07-10 07:30:55 ----D---- C:\Program Files\Windows Journal
2014-07-10 07:30:54 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-10 07:30:54 ----D---- C:\Windows\system32\en-US
2014-07-10 07:30:54 ----D---- C:\Windows\system32\cs-CZ
2014-07-10 07:30:54 ----D---- C:\Windows\ehome
2014-07-10 07:30:54 ----D---- C:\Program Files\Internet Explorer
2014-07-10 07:30:54 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-09 23:29:04 ----D---- C:\Windows\system32\MRT
2014-07-09 23:28:25 ----D---- C:\Windows\debug
2014-07-09 23:28:25 ----A---- C:\Windows\system32\MRT.exe
2014-07-09 23:28:10 ----D---- C:\ProgramData\Microsoft Help
2014-07-09 19:39:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-07-09 18:38:59 ----D---- C:\Windows\system32\catroot
2014-07-08 20:13:00 ----D---- C:\Windows\system32\NDF
2014-07-08 20:09:50 ----RD---- C:\Program Files (x86)
2014-07-07 15:55:37 ----D---- C:\Users\Michal\AppData\Roaming\HpUpdate
2014-07-02 20:09:38 ----D---- C:\Users\Michal\AppData\Roaming\Audacity
2014-07-02 19:21:37 ----D---- C:\Program Files (x86)\Common Files
2014-07-02 17:21:21 ----D---- C:\ProgramData\MFAData
2014-07-02 17:08:25 ----D---- C:\Program Files (x86)\AVG
2014-07-02 17:06:04 ----D---- C:\Windows\system32\Tasks
2014-07-02 17:06:00 ----D---- C:\Program Files (x86)\Adobe
2014-07-02 17:04:31 ----D---- C:\ProgramData\Adobe
2014-07-02 17:04:25 ----D---- C:\Users\Michal\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-04-26 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-11 283064]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-06-05 11833856]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-06-04 608768]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-04-24 96768]
R3 ikbevent;Intel Upper keyboard Class Filter Driver; C:\Windows\system32\DRIVERS\ikbevent.sys [2013-02-13 21048]
R3 imsevent;Intel Upper Mouse Class Filter Driver; C:\Windows\system32\DRIVERS\imsevent.sys [2013-02-13 21048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-07-02 3472600]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD64.sys [2013-02-13 46568]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 368112]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-04-26 786416]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-05-17 64624]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-04-10 849992]
R3 TRIXX;TRIXX; \??\C:\Users\Michal\AppData\Local\Temp\TRIXX.sys []
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001); C:\Windows\system32\drivers\WPRO_41_2001.sys [2014-07-26 34752]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2014-04-09 21712]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-06-05 241152]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-02-13 731648]
R2 ISCTAgent;Intel(R) Smart Connect Technology Agent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2013-02-13 180200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-05-17 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-05-17 366552]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-02 4972864]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-01-05 1432400]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-02-13 820184]
S3 intelsba;Intel(R) Small Business Advantage; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2013-03-13 48832]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-01 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
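
The driver list above is the part of an RSIT log a responder reads first, because a kernel driver that loads from a user-writable path, or whose backing file RSIT cannot find, is the hardest thing for a desktop scanner to reason about. The following is an added example of mine, not code from this thread or from the RSIT tool: it parses the `Rn name;description; path [date size]` lines and flags drivers that load from a user-writable or non-Windows path, drivers RSIT could not find on disk (I read the empty `[]` that way; the format is not documented on the page), and drivers whose file is dated the day of the scan. The six sample lines are copied from the log; the regex, the directory heuristics and the hard-coded scan date are my assumptions. A flag is a prompt to look closer, not a verdict: a vendor utility can legitimately drop a driver into Temp, which is why the running state is reported next to the reasons instead of being turned into a score.

```python
import re

# Constructed sample input: six driver lines copied verbatim from the RSIT
# "List of drivers" section above; SCAN_DATE is the date in the RSIT header.
SCAN_DATE = "2014-07-26"
SAMPLE_LINES = r"""
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-11 283064]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-05-17 64624]
R3 TRIXX;TRIXX; \??\C:\Users\Michal\AppData\Local\Temp\TRIXX.sys []
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001); C:\Windows\system32\drivers\WPRO_41_2001.sys [2014-07-26 34752]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
""".strip().splitlines()

# One RSIT line is "<R|S><start> name;description; path [yyyy-mm-dd size]".
# An empty [] is read here as "RSIT could not stat the file"; that reading is
# an assumption, the format is not documented on the page.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) ?\[(?P<meta>[^\]]*)\]$"
)

# Heuristics (assumptions): kernel drivers normally live under the Windows
# directory, never under a user profile or Temp.
USER_WRITABLE = re.compile(r"\\users\\|\\temp\\|\\appdata\\", re.I)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)


def parse_line(line):
    """Split one driver line into its fields; return None for non-driver lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):      # NT object-manager prefix, irrelevant for path checks
        path = path[4:]
    meta = m["meta"].split()
    return {
        "state": m["state"],            # R = running, S = stopped
        "start": int(m["start"]),       # 0 boot ... 4 disabled
        "name": m["name"],
        "path": path,
        "mtime": meta[0] if meta else None,
        "size": int(meta[1]) if len(meta) > 1 else None,
    }


def triage(lines, scan_date):
    """Return {driver name: [reasons]} for every driver that deserves a closer look."""
    findings = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if e["mtime"] is None:
            reasons.append("file not found on disk (empty [] in the log)")
        if USER_WRITABLE.search(e["path"]):
            reasons.append("loads from a user-writable directory")
        if not WINDOWS_DIR.match(e["path"]):
            reasons.append("loads from outside the Windows directory")
        if e["mtime"] == scan_date:
            reasons.append("file timestamp equals the scan date")
        if reasons:
            # A loaded driver whose backing file is gone is the case to chase first.
            if e["state"] == "R":
                reasons.append("driver is currently running (R)")
            findings[e["name"]] = reasons
    return findings


def triage_sample():
    return triage(SAMPLE_LINES, SCAN_DATE)


if __name__ == "__main__":
    for name, reasons in triage_sample().items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script singles out TRIXX (running, in Temp, file gone), WPRO_41_2001 (running, file dated the day of the report) and MSICDSetup (stopped, file missing from a drive root), and stays silent on the Microsoft, DAEMON Tools and Intel entries.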

Rudy
Site Admin
Posts: 119543
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably a keylogger, please check

#2 Post by Rudy »

Hello!
Post a ComboFix log:
Download ComboFix, preferably saving it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Sit back and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with a resident antispyware shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not there to solve your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!


After your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.

fito333
Visitor
Posts: 4
Registered: 26 Jul 2014 18:14

Re: Probably a keylogger, please check

#3 Post by fito333 »

ComboFix 14-07-25.01 - Michal 26.07.2014 20:02:21.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8120.4325 [GMT 2:00]
Running from: c:\users\Michal\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michal\AppData\Roaming\dclogs
c:\users\Michal\AppData\Roaming\dclogs\2014-07-26-7.dc
.
.
((((((((((((((((((((((((( Files Created from 2014-06-26 to 2014-07-26 )))))))))))))))))))))))))))))))
.
.
2014-07-26 18:01 . 2014-07-26 18:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01559991-F6A7-4C61-92BF-332DA5862C5A}\offreg.dll
2014-07-26 17:16 . 2014-07-26 17:16 -------- d-----w- C:\rsit
2014-07-26 17:16 . 2014-07-26 17:16 -------- d-----w- c:\program files\trend micro
2014-07-26 08:36 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01559991-F6A7-4C61-92BF-332DA5862C5A}\mpengine.dll
2014-07-19 17:50 . 2014-07-19 17:50 -------- d-----w- c:\users\Michal\AppData\Local\FLT
2014-07-16 18:42 . 2014-07-16 18:42 -------- d-----w- c:\users\Michal\AppData\Roaming\Leadertech
2014-07-16 12:44 . 2014-07-16 12:44 -------- d-----w- c:\programdata\Riot Games
2014-07-10 05:31 . 2014-07-26 14:13 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2014-07-08 18:11 . 2014-07-16 18:43 -------- d-----w- c:\users\Michal\AppData\Local\Downloaded Installations
2014-07-02 17:21 . 2014-07-02 17:21 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-07-02 15:04 . 2014-07-02 15:04 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-07-02 15:04 . 2014-07-02 15:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-07-02 14:55 . 2014-07-02 14:55 -------- d-----w- c:\users\Michal\AppData\Roaming\AVG
2014-07-02 14:55 . 2014-07-02 14:55 -------- d-----w- c:\users\Michal\AppData\Local\AVG
2014-07-02 14:55 . 2014-07-02 14:57 -------- d-----w- c:\programdata\AVG
2014-07-02 14:55 . 2014-07-02 15:01 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 14:54 . 2014-07-02 14:54 -------- d-----w- c:\users\Michal\AppData\Roaming\OpenCandy
2014-07-02 14:53 . 2014-07-02 14:53 -------- d-----w- c:\users\Michal\AppData\Local\FLVService
2014-07-02 14:53 . 2014-07-02 14:53 -------- d-----w- c:\windows\Freecorder
2014-07-02 14:49 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2014-07-02 14:49 . 2004-08-25 11:53 311296 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2014-07-02 14:49 . 2004-05-20 11:07 335872 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2014-07-02 14:49 . 2002-01-05 13:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2014-06-30 14:20 . 2003-03-19 04:19 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL
2014-06-30 14:20 . 2003-03-19 04:12 1047552 ----a-w- c:\windows\SysWow64\MFC71U.DLL
2014-06-30 14:20 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2014-06-30 14:20 . 2003-03-19 02:05 89088 ----a-w- c:\windows\SysWow64\ATL71.DLL
2014-06-30 14:20 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\MSVCR71.DLL
2014-06-29 16:35 . 2014-06-29 16:35 -------- d-----w- c:\users\Michal\AppData\Local\Launcher
2014-06-29 16:35 . 2014-06-29 16:35 -------- d-----w- c:\users\Michal\AppData\Local\id Software
2014-06-29 16:35 . 2014-06-29 16:35 -------- d-----w- c:\program files (x86)\Quake Live
2014-06-27 10:25 . 2014-07-26 12:37 -------- d-----w- c:\users\Michal\AppData\Roaming\vlc
2014-06-27 10:22 . 2014-06-27 10:46 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-26 14:13 . 2013-11-30 21:15 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-07-09 21:28 . 2013-11-30 21:54 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 17:39 . 2013-11-30 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 17:39 . 2013-11-30 22:00 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 07:52 . 2014-07-09 16:39 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-15 17:53 . 2014-05-15 17:53 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2014-05-09 06:14 . 2014-05-14 05:03 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 05:03 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-12 04:55 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-12 04:55 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2013-10-28 3675352]
"Akamai NetSession Interface"="c:\users\Michal\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-06-04 676608]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-16 134616]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-04-01 2007392]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN23K511RS05PJ;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-2-13 249320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"NtVdmSrv"=c:\windows\inf\ntvdm.vbe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TRIXX;TRIXX;c:\users\Michal\AppData\Local\Temp\TRIXX.sys;c:\users\Michal\AppData\Local\Temp\TRIXX.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 62875633
*Deregistered* - 62875633
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 18:14 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-30 17:39]
.
2014-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11 19:31]
.
2014-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11 19:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://the-west.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Wow6432Node-HKLM-Run-AVG_UI - c:\program files (x86)\AVG\AVG2014\avgui.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-PATHPILOT - d:\kat mp3 recorder\Kat MP3 Recorder.exe
Wow6432Node-HKLM-Run-amd_dc_opt - d:\2k games\BioShock\amd_dc_opt.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2351883964-1579132718-1644937791-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,28,81,45,f8,3c,52,e0,f7,c4,1b,f0,8a,54,b1,bf,4e,31,18,b2,a6,5d,79,
0e,25,cb,d3,9f,3f,59,b8,75,5d,92,a6,3c,e8,c4,35,06,d0,53,10,03,e2,08,ac,39,\
"??"=hex:95,f9,79,22,18,1a,58,00,4d,49,9d,f8,4e,c9,d0,86
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-26 20:05:33
ComboFix-quarantined-files.txt 2014-07-26 18:05
.
Pre-Run: 47 804 903 424 bytes free
Post-Run: 47 508 529 152 bytes free
.
- - End Of File - - 6D39877BB5DFEC82B0C6B939C305F0DE
A36C5E4F47E84449FF07ED3517B43A31
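
The registry section of the ComboFix log above carries the two things a responder should weigh before writing a fix script: the autorun entries themselves (a `.vbe` script in `c:\windows\inf` registered as "NtVdmSrv", an updater running out of the user profile) and the machine-wide policy values (`EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all 0, `LoadAppInit_DLLs` 1). The following is an added example of mine, not code from this thread or from ComboFix, that reads that section the way a responder would: it tracks the `[HKEY...]` key each `"Name"=data` value belongs to, flags autoruns that point at a script, sit in a Windows directory that holds no programs, or start from the user profile, and reports the UAC values that, at 0, leave an administrator account with no elevation boundary at all (any dropper the user runs already has the full admin token), plus the enabled AppInit_DLLs load path, which is a separate thing to check after the autoruns are cleaned. The sample text is copied from the log; the regexes, the directory heuristics and the wording of the reasons are my assumptions.

```python
import re

# Constructed sample input: the autorun and policy entries copied from the
# "Reg Loading Points" section of the ComboFix log above. Quoted paths carry a
# trailing "[date size]", unquoted ones do not; "." lines are separators.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2013-10-28 3675352]
"Akamai NetSession Interface"="c:\users\Michal\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"NtVdmSrv"=c:\windows\inf\ntvdm.vbe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*?)\s*(?:\[[^\]]*\])?$')

# Heuristics (assumptions): a Run value should point at a program in Program
# Files or Windows, not at a script, not into c:\windows\inf and not into the
# user profile.
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")
NO_EXE_DIRS = re.compile(r"\\windows\\(inf|fonts|help|temp)\\", re.I)
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\|\\temp\\", re.I)

# UAC policy values which, at the value shown, remove the elevation boundary
# for an administrator account.
UAC_CHECKS = {
    "EnableLUA": (0, "UAC disabled: every process an admin user starts already has the full admin token"),
    "ConsentPromptBehaviorAdmin": (0, "elevation for administrators happens silently, without a prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def triage(text):
    """Return {value name: [reasons]} for registry entries worth a second look."""
    findings = {}
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k["key"].lower()       # remember which key the following values belong to
            continue
        v = VALUE_RE.match(line)
        if v is None:
            continue
        name, data = v["name"], v["data"].strip().strip('"')
        reasons = []
        if "\\run" in key:               # Run, RunOnce and the "run-" key alike
            low = data.lower()
            if low.endswith(SCRIPT_EXT):
                reasons.append("autorun points at a script, not a program")
            if NO_EXE_DIRS.search(low):
                reasons.append("program sits in a Windows directory that holds no programs (inf, fonts, help, temp)")
            if USER_PROFILE.search(low):
                reasons.append("starts from the user profile rather than Program Files")
        elif key.endswith("\\policies\\system") and name in UAC_CHECKS:
            bad_value, why = UAC_CHECKS[name]
            if int(data.split()[0]) == bad_value:
                reasons.append(why)
        elif key.endswith("\\windows nt\\currentversion\\windows") and name == "LoadAppInit_DLLs":
            if int(data.split()[0]) == 1:
                reasons.append("AppInit_DLLs loading is enabled; check the AppInit_DLLs value for injected DLLs")
        if reasons:
            findings[name] = reasons
    return findings


def triage_sample():
    return triage(SAMPLE)


if __name__ == "__main__":
    for name, reasons in triage_sample().items():
        print(name)
        for r in reasons:
            print("   -", r)
```

On the sample, NtVdmSrv is flagged twice (script file, and a program in `c:\windows\inf`), the Akamai entry once (user profile), the three UAC values and LoadAppInit_DLLs once each; DAEMON Tools, avast and the Java updater pass. Restoring the UAC values is a policy decision for the owner, but a cleanup that removes the autoruns and leaves `EnableLUA` at 0 leaves the next download with the same silent admin rights the first one had.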

Rudy
Site Admin
Posts: 119543
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably a keylogger, please check

#4 Post by Rudy »

Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\system32\WPRO_41_2001woem.tmp
c:\windows\inf\ntvdm.vbe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\Michal\AppData\Local\Akamai

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"NtVdmSrv"=-

Driver::
62875633

Regnull::
[HKEY_USERS\S-1-5-21-2351883964-1579132718-1644937791-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it there. CF will start and carry out the commands from the script.


None of this is a keylogger.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (e-mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same happens if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
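The CFScript handed to ComboFix in the post above is a plain text file made of sections (KillAll::, File::, Folder::, Registry::, Driver::, Regnull::, RegLock::, Reboot::), and the safest habit before dragging it onto ComboFix is to read back exactly what it will delete. The Python below is an added example written for this thread; it is not ComboFix's own code and not from the forum. It assumes only the section syntax visible in the script (a header line ending in "::", one entry per line until the next header, and a "Name"=- line under a [HKEY_...] key meaning that value is removed). The function names parse_cfscript, registry_deletions and review, the SYSTEM_PREFIXES heuristic, and the shortened SAMPLE_SCRIPT are all mine, constructed for the example.

```python
"""Read-only pre-flight review of a ComboFix CFScript.

Added example (not ComboFix's own code): it parses the section syntax as it
appears in the script above (a header line ending in '::', then one entry per
line until the next header; a '"Name"=-' line under a registry key deletes that
value) and summarises what the script would touch, so the entries can be
checked against the log before the file is dragged onto ComboFix.
"""
import re
from collections import OrderedDict

# Constructed sample: a shortened copy of the script format used in this thread.
SAMPLE_SCRIPT = r"""KillAll::

File::
c:\windows\system32\WPRO_41_2001woem.tmp
c:\windows\inf\ntvdm.vbe

Folder::
c:\users\Michal\AppData\Local\Akamai

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"NtVdmSrv"=-

Driver::
62875633

Reboot::
"""

# A section header is a bare word followed by '::' (e.g. 'File::').
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# Entries under these prefixes deserve a second look against the log before
# deletion, because they live inside the Windows system directory (assumed
# heuristic, not a ComboFix rule).
SYSTEM_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_cfscript(text):
    """Return an ordered mapping of section name -> list of non-empty entry lines."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])  # KillAll:: / Reboot:: carry no entries
            continue
        if line and current is not None:
            sections[current].append(line)
    return sections


def registry_deletions(entries):
    """Turn Registry:: lines into (key, value_name) pairs for every '=-' deletion."""
    deletions = []
    key = None
    for line in entries:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # a new [HKEY_...] key header
        elif key is not None and line.endswith("=-"):
            deletions.append((key, line[:-2].strip('"')))
    return deletions


def review(text):
    """Summarise what a CFScript would act on; nothing here touches the system."""
    sections = parse_cfscript(text)
    files = sections.get("File", [])
    return {
        "sections": list(sections),
        "files": files,
        "folders": sections.get("Folder", []),
        "registry_deletions": registry_deletions(sections.get("Registry", [])),
        "drivers": sections.get("Driver", []),
        "system_paths": [f for f in files if f.lower().startswith(SYSTEM_PREFIXES)],
        "kill_all": "KillAll" in sections,
        "reboot": "Reboot" in sections,
    }


if __name__ == "__main__":
    summary = review(SAMPLE_SCRIPT)
    for name, value in summary.items():
        print(f"{name}: {value}")
```

Run it against the saved CFScript.txt (read the file and pass its text to review) and compare each listed file, folder and registry value with the ComboFix log the script was written from; anything under system32 or SysWOW64 is called out separately so the match with the log can be confirmed before the script is executed. The script only reads text and never modifies files or the registry.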

fito333
Visitor
Posts: 4
Registered: 26 Jul 2014 18:14

Re: Most likely a keylogger, please check

#5 Post by fito333 »

Thank you very much

Rudy
Site Admin
Posts: 119543
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Most likely a keylogger, please check

#6 Post by Rudy »

You're welcome, but I would like to see a new ComboFix log.

fito333
Visitor
Posts: 4
Registered: 26 Jul 2014 18:14

Re: Most likely a keylogger, please check

#7 Post by fito333 »

This one was the first
KillAll::

File::
c:\windows\system32\WPRO_41_2001woem.tmp
c:\windows\inf\ntvdm.vbe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\Michal\AppData\Local\Akamai

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"NtVdmSrv"=-

Driver::
62875633

Regnull::
[HKEY_USERS\S-1-5-21-2351883964-1579132718-1644937791-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Then after shutting down it ran again, and this was the result

ComboFix 14-07-25.01 - Michal 26.07.2014 22:29:16.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8120.4730 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\inf\ntvdm.vbe"
"c:\windows\system32\WPRO_41_2001woem.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michal\AppData\Local\Akamai
c:\users\Michal\AppData\Local\Akamai\admintool.exe
c:\users\Michal\AppData\Local\Akamai\client.ini
c:\users\Michal\AppData\Local\Akamai\ControlPanel.exe
c:\users\Michal\AppData\Local\Akamai\CplTasks.xml
c:\users\Michal\AppData\Local\Akamai\euc_state.json
c:\users\Michal\AppData\Local\Akamai\extraroot.pem
c:\users\Michal\AppData\Local\Akamai\guid.ini
c:\users\Michal\AppData\Local\Akamai\installer.txt
c:\users\Michal\AppData\Local\Akamai\installer_no_upload_silent.exe
c:\users\Michal\AppData\Local\Akamai\Languages\csy.dll
c:\users\Michal\AppData\Local\Akamai\Languages\dan.dll
c:\users\Michal\AppData\Local\Akamai\Languages\deu.dll
c:\users\Michal\AppData\Local\Akamai\Languages\esp.dll
c:\users\Michal\AppData\Local\Akamai\Languages\fin.dll
c:\users\Michal\AppData\Local\Akamai\Languages\fra.dll
c:\users\Michal\AppData\Local\Akamai\Languages\chs.dll
c:\users\Michal\AppData\Local\Akamai\Languages\cht.dll
c:\users\Michal\AppData\Local\Akamai\Languages\ita.dll
c:\users\Michal\AppData\Local\Akamai\Languages\jpn.dll
c:\users\Michal\AppData\Local\Akamai\Languages\kor.dll
c:\users\Michal\AppData\Local\Akamai\Languages\nld.dll
c:\users\Michal\AppData\Local\Akamai\Languages\nor.dll
c:\users\Michal\AppData\Local\Akamai\Languages\plk.dll
c:\users\Michal\AppData\Local\Akamai\Languages\ptb.dll
c:\users\Michal\AppData\Local\Akamai\Languages\ptg.dll
c:\users\Michal\AppData\Local\Akamai\Languages\rus.dll
c:\users\Michal\AppData\Local\Akamai\Languages\sve.dll
c:\users\Michal\AppData\Local\Akamai\Languages\trk.dll
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140719_214137.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140720_054221.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140720_055105.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140720_080547.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140720_124930.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140720_130816.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140720_212948.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140721_043814.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140721_045206.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140721_083643.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140721_112225.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140721_123053.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140721_211243.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_034226.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_034857.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_073946.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_074144.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_120150.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_130118.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_134302.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140722_210714.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140723_033417.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140723_034024.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140723_104423.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140723_205723.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140724_033239.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140724_033701.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140724_133251.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140724_204840.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_033500.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_035126.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_043930.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_053348.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_073822.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_080053.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_083827.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_093158.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_100247.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_104151.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_140117.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140725_211922.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140726_083237.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140726_141300.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140726_141334.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140726_185440.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon.debug.log.140726_190437.sent
c:\users\Michal\AppData\Local\Akamai\Logs\daemon1.debug.log
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140719_211636.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140719_214137.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_054253.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_055104.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_080606.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_090606.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_100606.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_110607.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_120607.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_124929.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_130831.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_140831.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_150832.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_160832.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_170832.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_180832.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_190833.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_200833.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_210834.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140720_212947.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_043825.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_045205.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_083658.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_093659.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_103659.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_112224.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_123104.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_133104.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_143105.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_153105.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_163105.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_173105.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_183106.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_193106.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_203106.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140721_211242.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_034236.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_034857.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_074002.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_074144.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_120213.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_130118.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_134317.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_144318.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_154318.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_164318.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_174318.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_184319.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_194319.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_204319.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140722_210713.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_033430.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_034023.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_104438.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_114438.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_124439.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_134439.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_144439.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_154439.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_164440.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_174440.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_184440.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_194440.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_204441.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140723_205723.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_033249.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_033700.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_133315.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_143315.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_153316.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_163316.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_173316.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_183316.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_193317.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_203317.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140724_204839.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_033518.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_035126.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_043939.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_053347.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_073833.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_080053.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_083837.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_093157.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_100257.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_104151.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_140127.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_150127.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_170835.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_180835.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_190835.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_200836.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_210836.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140725_211922.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_083246.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_093247.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_103248.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_113248.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_123248.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_133248.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_141259.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_141343.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_151344.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_161344.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_185450.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_190445.sent
c:\users\Michal\AppData\Local\Akamai\Logs\debug.log.140726_200446.sent
c:\users\Michal\AppData\Local\Akamai\netsession_installer.exe
c:\users\Michal\AppData\Local\Akamai\netsession_win.exe
c:\users\Michal\AppData\Local\Akamai\readme.txt
c:\users\Michal\AppData\Local\Akamai\root.pem
c:\users\Michal\AppData\Local\Akamai\rswinui.exe
c:\users\Michal\AppData\Local\Akamai\uninstall.exe
c:\users\Michal\AppData\Local\Akamai\user.dat
c:\windows\system32\WPRO_41_2001woem.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-26 do 2014-07-26 )))))))))))))))))))))))))))))))
.
.
2014-07-26 19:08 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBEE3519-AC1C-4A3D-AD90-BEF28B207B86}\mpengine.dll
2014-07-26 18:18 . 2014-07-26 18:18 -------- d-----w- c:\program files (x86)\PC Tools
2014-07-26 18:12 . 2014-07-26 18:18 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2014-07-26 18:12 . 2014-07-26 18:18 -------- d-----w- c:\programdata\PC Tools
2014-07-26 18:12 . 2014-07-26 18:12 -------- d-----w- c:\users\Michal\AppData\Roaming\TestApp
2014-07-26 17:16 . 2014-07-26 18:59 -------- d-----w- c:\program files\trend micro
2014-07-26 17:16 . 2014-07-26 17:16 -------- d-----w- C:\rsit
2014-07-19 17:50 . 2014-07-19 17:50 -------- d-----w- c:\users\Michal\AppData\Local\FLT
2014-07-16 18:42 . 2014-07-16 18:42 -------- d-----w- c:\users\Michal\AppData\Roaming\Leadertech
2014-07-16 12:44 . 2014-07-16 12:44 -------- d-----w- c:\programdata\Riot Games
2014-07-08 18:11 . 2014-07-16 18:43 -------- d-----w- c:\users\Michal\AppData\Local\Downloaded Installations
2014-07-02 17:21 . 2014-07-02 17:21 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-07-02 15:04 . 2014-07-02 15:04 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-07-02 15:04 . 2014-07-02 15:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-07-02 14:55 . 2014-07-02 14:55 -------- d-----w- c:\users\Michal\AppData\Roaming\AVG
2014-07-02 14:55 . 2014-07-02 14:55 -------- d-----w- c:\users\Michal\AppData\Local\AVG
2014-07-02 14:55 . 2014-07-02 14:57 -------- d-----w- c:\programdata\AVG
2014-07-02 14:55 . 2014-07-02 15:01 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 14:54 . 2014-07-02 14:54 -------- d-----w- c:\users\Michal\AppData\Roaming\OpenCandy
2014-07-02 14:53 . 2014-07-02 14:53 -------- d-----w- c:\users\Michal\AppData\Local\FLVService
2014-07-02 14:53 . 2014-07-02 14:53 -------- d-----w- c:\windows\Freecorder
2014-07-02 14:49 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2014-07-02 14:49 . 2004-08-25 11:53 311296 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2014-07-02 14:49 . 2004-05-20 11:07 335872 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2014-07-02 14:49 . 2002-01-05 13:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2014-06-30 14:20 . 2003-03-19 04:19 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL
2014-06-30 14:20 . 2003-03-19 04:12 1047552 ----a-w- c:\windows\SysWow64\MFC71U.DLL
2014-06-30 14:20 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2014-06-30 14:20 . 2003-03-19 02:05 89088 ----a-w- c:\windows\SysWow64\ATL71.DLL
2014-06-30 14:20 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\MSVCR71.DLL
2014-06-29 16:35 . 2014-06-29 16:35 -------- d-----w- c:\users\Michal\AppData\Local\Launcher
2014-06-29 16:35 . 2014-06-29 16:35 -------- d-----w- c:\users\Michal\AppData\Local\id Software
2014-06-29 16:35 . 2014-06-29 16:35 -------- d-----w- c:\program files (x86)\Quake Live
2014-06-27 10:25 . 2014-07-26 18:59 -------- d-----w- c:\users\Michal\AppData\Roaming\vlc
2014-06-27 10:22 . 2014-06-27 10:46 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-26 20:34 . 2013-11-30 21:15 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-07-09 21:28 . 2013-11-30 21:54 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 17:39 . 2013-11-30 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 17:39 . 2013-11-30 22:00 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 07:52 . 2014-07-09 16:39 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-15 17:53 . 2014-05-15 17:53 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2014-05-09 06:14 . 2014-05-14 05:03 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 05:03 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-12 04:55 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-12 04:55 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-06-04 676608]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-16 134616]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [BU]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-04-01 2007392]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"PATHPILOT"="d:\kat mp3 recorder\Kat MP3 Recorder.exe" [BU]
"amd_dc_opt"="d:\2k games\BioShock\amd_dc_opt.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [BU]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN23K511RS05PJ;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-2-13 249320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TRIXX;TRIXX;c:\users\Michal\AppData\Local\Temp\TRIXX.sys;c:\users\Michal\AppData\Local\Temp\TRIXX.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 18:14 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-30 17:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321139&octid ... B24D&SSPV=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-Akamai - c:\users\Michal\AppData\Local\Akamai\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Total time: 2014-07-26 22:35:15 - the computer was restarted
ComboFix-quarantined-files.txt 2014-07-26 20:35
ComboFix2.txt 2014-07-26 18:05
.
Before run: free bytes: 45 309 415 424
After run: free bytes: 45 038 809 088
.
- - End Of File - - A87F99D80E995F049ECF10DD4BAAEA45
A36C5E4F47E84449FF07ED3517B43A31
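One check a practitioner would run over a listing like the one above, as an added example that is not code from the forum post, from ComboFix or from the forum's helpers: it parses the ';'-separated service/driver lines, flags images loaded from user-writable or non-system locations, notes capabilities worth confirming with the machine's owner, and reports a user start page that is not the local blank page. The field layout (state, service name, display name, image path, native path, then "[x]") is my reading of the lines above and is an assumption, as is treating C: as the system drive; the sample input is constructed from lines copied out of the log.

```python
"""Triage helper for ComboFix-style service/driver listings.

Added example, not part of the forum post or of ComboFix itself. The
field layout assumed here (state; service name; display name; image
path; native path; then "[x]") is read off the posted log lines.
"""
import re
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the posted log.
SAMPLE_LOG = r"""
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TRIXX;TRIXX;c:\users\Michal\AppData\Local\Temp\TRIXX.sys;c:\users\Michal\AppData\Local\Temp\TRIXX.sys [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321139&octid ... B24D&SSPV=
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+(.*?)\s*\[x\]\s*$")
START_PAGE_RE = re.compile(r"^uStart Page = (.+?)\s*$")

SYSTEM_DRIVE = "c:"  # assumption: the system drive of the machine being triaged
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")
# Heuristic keywords -> what to confirm with the owner. Hits are review
# items, not verdicts; both tools are legitimate when installed on purpose.
CAPABILITY_HINTS = {
    "winpcap": "packet-capture driver: legitimate for Wireshark, verify it is expected",
    "teamviewer": "remote-control service: confirm it was installed on purpose",
}


def parse_service(line: str) -> Optional[Dict[str, str]]:
    """Split one ComboFix service line into its ';'-separated fields."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, rest = m.groups()
    fields = [f.strip() for f in rest.split(";")]
    fields += [""] * (4 - len(fields))  # pad short lines such as "aswSP;aswSP;"
    return {"state": state, "name": fields[0], "display": fields[1], "path": fields[2]}


def flags_for(svc: Dict[str, str]) -> List[str]:
    """Return review reasons for one service; an empty list means nothing stood out."""
    flags: List[str] = []
    path = svc["path"].lower()
    if path:
        drive = path[:2] if len(path) > 1 and path[1] == ":" else ""
        if drive and drive != SYSTEM_DRIVE:
            flags.append(f"image on non-system drive {drive}")
        if any(tok in path for tok in USER_WRITABLE):
            flags.append("image under a user-writable path")
        if path.endswith(".sys") and "\\windows\\" not in path:
            flags.append("kernel driver outside %SystemRoot%")
    haystack = (svc["display"] + " " + svc["name"]).lower()
    for key, note in CAPABILITY_HINTS.items():
        if key in haystack:
            flags.append(note)
    return flags


def triage(log_text: str) -> Dict[str, object]:
    """Walk a log and collect flagged services plus any non-local user start page."""
    services: Dict[str, List[str]] = {}
    start_page: Optional[str] = None
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc:
            reasons = flags_for(svc)
            if reasons:
                services[svc["name"]] = reasons
            continue
        m = START_PAGE_RE.match(line.strip())
        if m and not m.group(1).lower().endswith(("blank.htm", "about:blank")):
            start_page = m.group(1)
    return {"services": services, "start_page": start_page}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, reasons in result["services"].items():
        print(f"{name}: {'; '.join(reasons)}")
    if result["start_page"]:
        print(f"start page overridden: {result['start_page']}")
```

Run against the sample, the script singles out the driver loaded from the user's Temp folder, the two drivers on D:, the packet-capture and remote-control services as items to confirm, and the non-local start page; the Avast, Intel and Remote Desktop entries pass through unflagged. Anything it flags still needs a human to look at the file (hash, signer, install date) before a verdict.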

Rudy
Site Admin
Posts: 119543
Registered: 30 Oct 2003 13:42
Residence: Plzeň

Re: Probably a keylogger, please check

#8 Post by Rudy »

Deleted; the log is now OK. Uninstall CF using T-Cleaner: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.
