Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

BV: Autorun-R

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

BV: Autorun-R

#1 Příspěvek od Hanule91 »

Dobrý den,
mohli byste mi poradit jak to dostat pryč? Je to BV:AutorunE.

Tady je log z ComboFixu:

ComboFix 14-08-28.01 - Hanule 29.08.2014 7:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4001.1493 [GMT 2:00]
Spuštěný z: c:\users\Hanule\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-29 )))))))))))))))))))))))))))))))
.
.
2014-08-29 05:23 . 2014-08-29 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-28 12:40 . 2014-08-28 12:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71B0F397-6430-4B5B-B4D4-06C6FFC8E996}\offreg.dll
2014-08-28 12:20 . 2014-08-28 12:20 -------- d-----w- c:\users\Hanule\AppData\Roaming\eCyber
2014-08-28 12:19 . 2014-08-08 06:24 45248 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-08-28 12:19 . 2014-08-28 12:19 -------- d-----w- c:\windows\system32\log
2014-08-28 12:18 . 2014-08-29 03:58 -------- d-----w- c:\users\Hanule\AppData\Roaming\iSafe
2014-08-28 04:43 . 2014-08-28 04:43 -------- d-----w- c:\users\Hanule\AppData\Local\Skype
2014-08-28 04:43 . 2014-08-28 05:11 -------- d-----w- c:\users\Hanule\AppData\Roaming\Skype
2014-08-28 04:42 . 2014-08-28 04:42 -------- d-----r- c:\program files (x86)\Skype
2014-08-28 04:42 . 2014-08-28 04:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-28 04:42 . 2014-08-28 04:43 -------- d-----w- c:\programdata\Skype
2014-08-26 08:05 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71B0F397-6430-4B5B-B4D4-06C6FFC8E996}\mpengine.dll
2014-08-25 18:08 . 2014-08-25 18:08 -------- d-----w- c:\users\Hanule\AppData\Roaming\vlc
2014-08-25 18:07 . 2014-08-25 18:07 -------- d-----w- c:\program files (x86)\VideoLAN
2014-08-25 10:06 . 2014-08-25 10:06 -------- d-sh--w- c:\users\Hanule\AppData\Local\EmieUserList
2014-08-25 10:06 . 2014-08-25 10:06 -------- d-sh--w- c:\users\Hanule\AppData\Local\EmieSiteList
2014-08-18 07:52 . 2014-08-18 15:36 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-08-16 14:24 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 14:24 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-16 14:24 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 14:24 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-16 14:24 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 14:24 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-16 14:23 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 14:23 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-14 04:06 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-14 04:06 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-14 04:06 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-14 04:06 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-14 04:06 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-14 04:02 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 04:02 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 04:02 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 04:02 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-12 14:56 . 2014-08-12 14:56 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-08-12 14:54 . 2014-08-12 14:54 -------- d-----w- c:\windows\PCHEALTH
2014-08-12 14:51 . 2014-08-12 14:51 -------- d-----w- c:\program files\Microsoft Office
2014-08-12 14:51 . 2014-08-12 14:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-08-12 14:50 . 2014-08-12 14:50 -------- d-----w- c:\users\Hanule\AppData\Local\Microsoft Help
2014-08-12 14:50 . 2014-08-12 14:59 -------- d-----w- c:\programdata\Microsoft Help
2014-08-12 14:49 . 2014-08-12 14:49 -------- d-----r- C:\MSOCache
2014-08-03 19:04 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-03 19:04 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-03 19:04 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-03 19:04 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-03 19:03 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-03 19:03 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-03 19:03 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-03 19:03 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-03 19:03 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-03 19:03 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-03 19:03 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-03 19:03 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-03 19:03 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-03 19:03 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-03 10:51 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-02 16:39 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-08-02 16:39 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-08-02 16:39 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-08-02 16:39 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-08-02 16:39 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-08-02 16:39 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-08-02 16:39 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-08-02 16:39 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-08-02 16:39 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-08-02 16:39 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-08-02 16:39 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-08-02 16:39 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-08-01 15:58 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-01 15:58 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-08-01 15:58 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-01 15:58 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-08-01 15:57 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-08-01 15:44 . 2014-08-01 15:44 -------- d-----w- c:\windows\Migration
2014-08-01 10:29 . 2014-08-01 10:29 -------- d-----w- c:\users\Hanule\voip
2014-07-30 05:52 . 2014-07-30 05:52 -------- d-----w- c:\users\Hanule\AppData\Roaming\Search Protection
2014-07-30 05:52 . 2014-07-30 05:52 -------- d-----w- c:\programdata\YTD Video Downloader
2014-07-30 05:52 . 2014-07-30 05:52 -------- d-----w- c:\program files (x86)\GreenTree Applications
2014-07-30 05:47 . 2014-07-30 05:47 -------- d-----w- C:\UpdateChromeLinksLogs
2014-07-30 05:47 . 2014-07-30 05:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-07-30 05:47 . 2014-07-30 05:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-07-30 05:47 . 2014-07-30 05:47 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-07-30 05:29 . 2014-07-30 05:29 -------- d-----w- c:\users\Hanule\aTubeCatcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 07:20 . 2014-07-16 18:43 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-24 04:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-07-24 04:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-07-23 09:09 . 2014-07-23 09:05 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-23 09:05 . 2014-07-23 09:05 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-07-23 09:05 . 2014-07-23 09:05 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-23 09:05 . 2014-07-23 09:05 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-23 09:05 . 2014-07-23 09:05 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-23 09:05 . 2014-07-23 09:05 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-23 09:05 . 2014-07-23 09:05 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-23 09:05 . 2014-07-23 09:05 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-23 09:05 . 2014-07-23 09:05 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-23 09:05 . 2014-07-23 09:05 43152 ----a-w- c:\windows\avastSS.scr
2014-07-18 08:51 . 2014-07-18 08:51 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 08:51 . 2014-07-18 08:51 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 18:56 . 2014-07-16 18:56 44032 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2014-07-16 18:56 . 2014-07-16 18:56 10752 ----a-w- c:\windows\system32\AmUStor.dll
2014-07-16 18:52 . 2010-08-24 15:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2014-07-16 18:22 . 2010-10-14 22:28 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2014-07-16 18:22 . 2010-10-14 22:27 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2014-07-16 18:22 . 2011-01-27 07:05 92672 ----a-w- c:\windows\system32\igfxCoIn_v2291.dll
2014-07-16 18:22 . 2011-02-10 11:49 167960 ----a-w- c:\windows\system32\igfxtray.exe
2014-07-16 18:22 . 2011-02-10 11:48 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
2014-07-16 18:22 . 2011-02-10 11:48 418328 ----a-w- c:\windows\system32\igfxpers.exe
2014-07-16 18:22 . 2011-02-10 11:48 239128 ----a-w- c:\windows\system32\igfxext.exe
2014-07-16 18:22 . 2011-01-27 06:55 960940 ----a-w- c:\windows\system32\igkrng600.bin
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2014-07-16 18:22 . 2011-01-27 06:25 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2014-07-16 18:22 . 2011-01-27 06:25 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2014-07-16 18:22 . 2011-01-27 06:25 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2014-07-16 18:22 . 2011-01-27 06:25 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2014-07-16 18:22 . 2011-01-27 06:24 335872 ----a-w- c:\windows\system32\igfxpph.dll
2014-07-16 18:22 . 2011-01-27 06:24 28672 ----a-w- c:\windows\system32\igfxexps.dll
2014-07-16 18:22 . 2011-01-27 06:24 380928 ----a-w- c:\windows\system32\igfxTMM.dll
2014-07-16 18:22 . 2011-01-27 06:24 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-07-16 18:22 . 2011-01-27 06:23 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2014-07-16 18:22 . 2011-01-27 06:23 385024 ----a-w- c:\windows\system32\igfxdev.dll
2014-07-16 18:22 . 2011-01-27 06:22 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2014-07-16 18:22 . 2011-01-27 06:22 9014784 ----a-w- c:\windows\system32\igfxress.dll
2014-07-16 18:22 . 2011-01-27 06:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2014-07-16 18:22 . 2011-01-27 06:18 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-07-16 18:22 . 2011-01-27 06:17 288768 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2014-07-16 18:22 . 2011-01-27 06:11 95744 ----a-w- c:\windows\system32\iglhcp64.dll
2014-07-16 18:22 . 2011-01-27 06:11 86528 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2014-07-16 18:22 . 2011-01-27 06:11 368640 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2014-07-16 18:22 . 2011-01-27 06:11 364032 ----a-w- c:\windows\system32\iglhsip64.dll
2014-07-16 18:22 . 2011-01-27 06:25 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2014-07-16 18:22 . 2011-01-27 06:57 7470080 ----a-w- c:\windows\system32\igdumd64.dll
2014-07-16 18:22 . 2011-01-27 06:57 12273408 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2014-07-16 18:22 . 2011-01-27 06:55 213332 ----a-w- c:\windows\system32\igfcg600m.bin
2014-07-16 18:22 . 2011-01-27 06:51 5689344 ----a-w- c:\windows\SysWow64\igdumd32.dll
2014-07-16 18:22 . 2011-01-27 06:48 575488 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2014-07-16 18:22 . 2011-01-27 06:47 7386112 ----a-w- c:\windows\system32\igd10umd64.dll
2014-07-16 18:22 . 2011-01-27 06:11 142848 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2014-07-16 18:22 . 2011-01-27 06:11 122368 ----a-w- c:\windows\system32\igfxcmrt64.dll
2014-07-16 18:22 . 2011-02-10 11:48 391704 ----a-w- c:\windows\system32\hkcmd.exe
2014-07-16 18:22 . 2011-02-10 11:48 4368920 ----a-w- c:\windows\system32\GfxUI.exe
2014-07-16 18:22 . 2011-01-27 06:55 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2014-07-16 18:22 . 2011-01-27 06:44 6068224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2014-07-16 18:22 . 2011-01-27 06:38 19591680 ----a-w- c:\windows\system32\ig4icd64.dll
2014-07-16 18:22 . 2011-01-27 06:30 14292992 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2014-07-16 18:22 . 2011-01-27 06:23 109056 ----a-w- c:\windows\system32\hccutils.dll
2014-07-16 18:22 . 2011-01-27 06:23 144896 ----a-w- c:\windows\system32\gfxSrvc.dll
2014-07-16 18:22 . 2011-01-27 06:11 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2014-07-16 18:22 . 2011-02-10 11:48 179736 ----a-w- c:\windows\system32\difx64.exe
2014-06-18 02:18 . 2014-07-25 06:52 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-25 06:52 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-25 06:51 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-25 06:51 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-25 06:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-25 06:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-25 06:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"icq"="c:\users\Hanule\AppData\Roaming\ICQM\icq.exe" [2014-07-22 34983944]
"SearchProtection"="c:\users\Hanule\AppData\Roaming\Search Protection\SearchProtection.EXE" [2014-08-22 1109352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-03 2694040]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-03 4085896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - iSafeKrnlKit
*Deregistered* - iSafeKrnlR3
*Deregistered* - iSafeNetFilter
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-27 14:18 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18 08:51]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23 09:06]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-23 09:05 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-07-16 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-07-16 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-07-16 418328]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2014-07-16 324096]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SC-Print A Msgsrv"="c:\program files\SC-Print A\Msgsrv.exe" [2010-12-13 66560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru/?utm_source=qip2012&utm_medium=cpc&utm_campaign=qip2012_start
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{62FE8E15-A8B1-4818-B6E7-A783AA3DB6EC}: NameServer = 169.254.1.1
FF - ProfilePath - c:\users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-29 07:26:09
ComboFix-quarantined-files.txt 2014-08-29 05:26
.
Před spuštěním: Volných bajtů: 577 208 688 640
Po spuštění: Volných bajtů: 577 929 138 176
.
- - End Of File - - 3C95578A07A0C5AFB6099395B7BF6526
A36C5E4F47E84449FF07ED3517B43A31



Děkuju za radu
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: BV: Autorun-R

#2 Příspěvek od vyosek »

Zdravim :)

Zdravim :)

:arrow: Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

:arrow: Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

:arrow: Nebezpeci CFka
  • Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
  • Maze stopy po haveti, takze v logu z RSIT neni nic videt
  • Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
  • CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
  • CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

Re: BV: Autorun-R

#3 Příspěvek od Hanule91 »

Dobrý den,
já bohužel ne, ale radil, mi s tím kamarád a když už jsme nevěděli jak to dostat pryč, tak našel návod na combofix a odkaz na toto forum.

Je možné mi poradit takto?

Zkoušel jsem vir odstranit pomocí softwaru YAC a Avast, bohužel ani jednou se nepovedlo. Po testu po restartu se PC tváří jako čisté, ale při naběhnutí systému AVAST opět hlásí problém. Nerada bych PC přeintalovávala a ve starších diskuzích jsem našla, že takovýto problém má více lidí.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: BV: Autorun-R

#4 Příspěvek od vyosek »

:arrow: YAC odinstalujte - je zcela neucinny

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

Re: BV: Autorun-R

#5 Příspěvek od Hanule91 »

Provedla jsem co jste poradil, tady je log. Bohužel BV:Autorun, co našel avast tam stále je.

# AdwCleaner v3.308 - Report created 29/08/2014 at 14:10:30
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hanule - ASUS
# Running from : C:\Users\Hanule\Downloads\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Hanule\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Hanule\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Hanule\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Hanule\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtection]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\SOFTWARE\iSafe
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\prefs.js ]


-\\ Google Chrome v37.0.2062.94

[ File : C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [2614 octets] - [29/08/2014 14:07:00]
AdwCleaner[S0].txt - [2363 octets] - [29/08/2014 14:10:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2423 octets] ##########
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: BV: Autorun-R

#6 Příspěvek od vyosek »

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Folder::
c:\users\Hanule\AppData\Roaming\Search Protection

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"=-
"SearchProtection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"GrooveMonitor"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

Re: BV: Autorun-R

#7 Příspěvek od Hanule91 »

Omlouvám se, za pomalou odpověď. Udělala jsem co bylo napsáno výše. Tady je výstupní log z ComboFixu.

ComboFix 14-08-31.01 - Hanule 31.08.2014 12:21:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4001.2392 [GMT 2:00]
Spuštěný z: c:\users\Hanule\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hanule\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-31 )))))))))))))))))))))))))))))))
.
.
2014-08-31 10:28 . 2014-08-31 10:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-29 12:06 . 2014-08-29 16:51 -------- d-----w- C:\AdwCleaner
2014-08-28 12:19 . 2014-08-29 12:10 -------- d-----w- c:\windows\system32\log
2014-08-28 04:43 . 2014-08-28 04:43 -------- d-----w- c:\users\Hanule\AppData\Local\Skype
2014-08-28 04:43 . 2014-08-28 05:11 -------- d-----w- c:\users\Hanule\AppData\Roaming\Skype
2014-08-28 04:42 . 2014-08-28 04:42 -------- d-----r- c:\program files (x86)\Skype
2014-08-28 04:42 . 2014-08-28 04:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-28 04:42 . 2014-08-28 04:43 -------- d-----w- c:\programdata\Skype
2014-08-26 08:05 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71B0F397-6430-4B5B-B4D4-06C6FFC8E996}\mpengine.dll
2014-08-25 18:08 . 2014-08-25 18:08 -------- d-----w- c:\users\Hanule\AppData\Roaming\vlc
2014-08-25 18:07 . 2014-08-25 18:07 -------- d-----w- c:\program files (x86)\VideoLAN
2014-08-25 10:06 . 2014-08-25 10:06 -------- d-sh--w- c:\users\Hanule\AppData\Local\EmieUserList
2014-08-25 10:06 . 2014-08-25 10:06 -------- d-sh--w- c:\users\Hanule\AppData\Local\EmieSiteList
2014-08-18 07:52 . 2014-08-18 15:36 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-08-16 14:24 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 14:24 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-16 14:24 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 14:24 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-16 14:24 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 14:24 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-16 14:23 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 14:23 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-14 04:06 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-14 04:06 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-14 04:06 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-14 04:06 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-14 04:06 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-14 04:02 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 04:02 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 04:02 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 04:02 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-12 14:56 . 2014-08-12 14:56 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-08-12 14:54 . 2014-08-12 14:54 -------- d-----w- c:\windows\PCHEALTH
2014-08-12 14:51 . 2014-08-12 14:51 -------- d-----w- c:\program files\Microsoft Office
2014-08-12 14:51 . 2014-08-12 14:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-08-12 14:50 . 2014-08-12 14:50 -------- d-----w- c:\users\Hanule\AppData\Local\Microsoft Help
2014-08-12 14:50 . 2014-08-12 14:59 -------- d-----w- c:\programdata\Microsoft Help
2014-08-12 14:49 . 2014-08-12 14:49 -------- d-----r- C:\MSOCache
2014-08-03 19:04 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-03 19:04 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-03 19:04 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-03 19:04 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-03 19:03 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-03 19:03 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-03 19:03 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-03 19:03 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-03 19:03 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-03 19:03 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-03 19:03 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-03 19:03 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-03 19:03 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-03 19:03 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-03 10:51 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-02 16:39 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-08-02 16:39 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-08-02 16:39 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-08-02 16:39 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-08-02 16:39 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-08-02 16:39 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-08-02 16:39 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-08-02 16:39 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-08-02 16:39 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-08-02 16:39 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-08-02 16:39 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-08-02 16:39 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-08-01 15:58 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-01 15:58 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-08-01 15:58 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-01 15:58 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-08-01 15:57 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-08-01 15:44 . 2014-08-01 15:44 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 07:20 . 2014-07-16 18:43 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-30 05:47 . 2014-07-30 05:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-07-30 05:47 . 2014-07-30 05:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-07-30 05:47 . 2014-07-30 05:47 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-07-24 04:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-07-24 04:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-07-23 09:09 . 2014-07-23 09:05 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-23 09:05 . 2014-07-23 09:05 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-07-23 09:05 . 2014-07-23 09:05 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-23 09:05 . 2014-07-23 09:05 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-23 09:05 . 2014-07-23 09:05 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-23 09:05 . 2014-07-23 09:05 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-23 09:05 . 2014-07-23 09:05 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-23 09:05 . 2014-07-23 09:05 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-23 09:05 . 2014-07-23 09:05 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-23 09:05 . 2014-07-23 09:05 43152 ----a-w- c:\windows\avastSS.scr
2014-07-18 08:51 . 2014-07-18 08:51 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 08:51 . 2014-07-18 08:51 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 18:56 . 2014-07-16 18:56 44032 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2014-07-16 18:56 . 2014-07-16 18:56 10752 ----a-w- c:\windows\system32\AmUStor.dll
2014-07-16 18:52 . 2010-08-24 15:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2014-07-16 18:22 . 2010-10-14 22:28 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2014-07-16 18:22 . 2010-10-14 22:27 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2014-07-16 18:22 . 2011-01-27 07:05 92672 ----a-w- c:\windows\system32\igfxCoIn_v2291.dll
2014-07-16 18:22 . 2011-02-10 11:49 167960 ----a-w- c:\windows\system32\igfxtray.exe
2014-07-16 18:22 . 2011-02-10 11:48 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
2014-07-16 18:22 . 2011-02-10 11:48 418328 ----a-w- c:\windows\system32\igfxpers.exe
2014-07-16 18:22 . 2011-02-10 11:48 239128 ----a-w- c:\windows\system32\igfxext.exe
2014-07-16 18:22 . 2011-01-27 06:55 960940 ----a-w- c:\windows\system32\igkrng600.bin
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2014-07-16 18:22 . 2011-01-27 06:25 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2014-07-16 18:22 . 2011-01-27 06:25 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2014-07-16 18:22 . 2011-01-27 06:25 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2014-07-16 18:22 . 2011-01-27 06:25 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2014-07-16 18:22 . 2011-01-27 06:24 335872 ----a-w- c:\windows\system32\igfxpph.dll
2014-07-16 18:22 . 2011-01-27 06:24 28672 ----a-w- c:\windows\system32\igfxexps.dll
2014-07-16 18:22 . 2011-01-27 06:24 380928 ----a-w- c:\windows\system32\igfxTMM.dll
2014-07-16 18:22 . 2011-01-27 06:24 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-07-16 18:22 . 2011-01-27 06:23 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2014-07-16 18:22 . 2011-01-27 06:23 385024 ----a-w- c:\windows\system32\igfxdev.dll
2014-07-16 18:22 . 2011-01-27 06:22 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2014-07-16 18:22 . 2011-01-27 06:22 9014784 ----a-w- c:\windows\system32\igfxress.dll
2014-07-16 18:22 . 2011-01-27 06:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2014-07-16 18:22 . 2011-01-27 06:18 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-07-16 18:22 . 2011-01-27 06:17 288768 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2014-07-16 18:22 . 2011-01-27 06:11 95744 ----a-w- c:\windows\system32\iglhcp64.dll
2014-07-16 18:22 . 2011-01-27 06:11 86528 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2014-07-16 18:22 . 2011-01-27 06:11 368640 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2014-07-16 18:22 . 2011-01-27 06:11 364032 ----a-w- c:\windows\system32\iglhsip64.dll
2014-07-16 18:22 . 2011-01-27 06:25 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2014-07-16 18:22 . 2011-01-27 06:57 7470080 ----a-w- c:\windows\system32\igdumd64.dll
2014-07-16 18:22 . 2011-01-27 06:57 12273408 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2014-07-16 18:22 . 2011-01-27 06:55 213332 ----a-w- c:\windows\system32\igfcg600m.bin
2014-07-16 18:22 . 2011-01-27 06:51 5689344 ----a-w- c:\windows\SysWow64\igdumd32.dll
2014-07-16 18:22 . 2011-01-27 06:48 575488 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2014-07-16 18:22 . 2011-01-27 06:47 7386112 ----a-w- c:\windows\system32\igd10umd64.dll
2014-07-16 18:22 . 2011-01-27 06:11 142848 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2014-07-16 18:22 . 2011-01-27 06:11 122368 ----a-w- c:\windows\system32\igfxcmrt64.dll
2014-07-16 18:22 . 2011-02-10 11:48 391704 ----a-w- c:\windows\system32\hkcmd.exe
2014-07-16 18:22 . 2011-02-10 11:48 4368920 ----a-w- c:\windows\system32\GfxUI.exe
2014-07-16 18:22 . 2011-01-27 06:55 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2014-07-16 18:22 . 2011-01-27 06:44 6068224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2014-07-16 18:22 . 2011-01-27 06:38 19591680 ----a-w- c:\windows\system32\ig4icd64.dll
2014-07-16 18:22 . 2011-01-27 06:30 14292992 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2014-07-16 18:22 . 2011-01-27 06:23 109056 ----a-w- c:\windows\system32\hccutils.dll
2014-07-16 18:22 . 2011-01-27 06:23 144896 ----a-w- c:\windows\system32\gfxSrvc.dll
2014-07-16 18:22 . 2011-01-27 06:11 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2014-07-16 18:22 . 2011-02-10 11:48 179736 ----a-w- c:\windows\system32\difx64.exe
2014-06-18 02:18 . 2014-07-25 06:52 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-25 06:52 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-25 06:51 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-25 06:51 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-25 06:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-25 06:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-25 06:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-03 2694040]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-03 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:4c9d5938 /wow /dir:C:\Program
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-27 14:18 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18 08:51]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23 09:06]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-23 09:05 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-07-16 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-07-16 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-07-16 418328]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2014-07-16 324096]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SC-Print A Msgsrv"="c:\program files\SC-Print A\Msgsrv.exe" [2010-12-13 66560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.16.121.1 84.16.96.2
TCP: Interfaces\{62FE8E15-A8B1-4818-B6E7-A783AA3DB6EC}: NameServer = 169.254.1.1
FF - ProfilePath - c:\users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2014-08-31 12:36:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-31 10:36
ComboFix2.txt 2014-08-29 05:26
.
Před spuštěním: Volných bajtů: 579 304 943 616
Po spuštění: Volných bajtů: 578 950 701 056
.
- - End Of File - - 66584BF84C54335F3C75DFBBE5E70967
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: BV: Autorun-R

#8 Příspěvek od vyosek »

:arrow: Avast stale neco hlasi??

:arrow: Pripadne dejte screen toho hlaseni
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

Re: BV: Autorun-R

#9 Příspěvek od Hanule91 »

Teď dokontroloval Avastr, a stále hlásí.

Jméno:C:\ProgramData\Microsoft\SearchData\Applications\Windows\tmp.edb
Závažnost: Vysoká
Stav: Hrozba: BV:Autorun-Ef[Wrm]
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: BV: Autorun-R

#10 Příspěvek od vyosek »

Takze vytvorte znovu CFScript.txt a aplikujte jako o krok vyse.
Obsah CFScriptu

Kód: Vybrat vše

KillAll::

Collect::
C:\ProgramData\Microsoft\SearchData\Applications\Windows\tmp.edb

Firefox::
FF - ProfilePath - c:\users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=gree ... =501549&p=

Reboot::
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

Re: BV: Autorun-R

#11 Příspěvek od Hanule91 »

Asi dělám něco špatně, protože Avast i po aplikaci druhého scriptu hlásí přítomnost.

1) Stáhla jsem
2) přetáhla na plochu
3) spustila - vytvořil se úvodní log
4) vytvořila jsem soubor CFScript a natáhla, otevřela se modrá obrazovka -> spouštění, bod obnovy, pak dokončena fáze 1-X, restart, vytvoření logu.

Avast při kontrole po restartu nic nenajde, ale po najetí systému ano.

Tady je log po druhé aplikaci scriptu

ComboFix 14-08-31.01 - Hanule 31.08.2014 16:29:09.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4001.2382 [GMT 2:00]
Spuštěný z: c:\users\Hanule\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hanule\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-31 )))))))))))))))))))))))))))))))
.
.
2014-08-31 14:34 . 2014-08-31 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-29 12:06 . 2014-08-29 16:51 -------- d-----w- C:\AdwCleaner
2014-08-28 12:19 . 2014-08-29 12:10 -------- d-----w- c:\windows\system32\log
2014-08-28 04:43 . 2014-08-28 04:43 -------- d-----w- c:\users\Hanule\AppData\Local\Skype
2014-08-28 04:43 . 2014-08-28 05:11 -------- d-----w- c:\users\Hanule\AppData\Roaming\Skype
2014-08-28 04:42 . 2014-08-28 04:42 -------- d-----r- c:\program files (x86)\Skype
2014-08-28 04:42 . 2014-08-28 04:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-28 04:42 . 2014-08-28 04:43 -------- d-----w- c:\programdata\Skype
2014-08-26 08:05 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71B0F397-6430-4B5B-B4D4-06C6FFC8E996}\mpengine.dll
2014-08-25 18:08 . 2014-08-25 18:08 -------- d-----w- c:\users\Hanule\AppData\Roaming\vlc
2014-08-25 18:07 . 2014-08-25 18:07 -------- d-----w- c:\program files (x86)\VideoLAN
2014-08-25 10:06 . 2014-08-25 10:06 -------- d-sh--w- c:\users\Hanule\AppData\Local\EmieUserList
2014-08-25 10:06 . 2014-08-25 10:06 -------- d-sh--w- c:\users\Hanule\AppData\Local\EmieSiteList
2014-08-18 07:52 . 2014-08-31 10:38 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-08-16 14:24 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 14:24 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-16 14:24 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 14:24 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-16 14:24 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 14:24 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-16 14:23 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 14:23 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-14 04:06 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-14 04:06 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-14 04:06 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-14 04:06 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-14 04:06 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-14 04:06 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-14 04:02 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 04:02 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 04:02 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 04:02 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-12 14:56 . 2014-08-12 14:56 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-08-12 14:54 . 2014-08-12 14:54 -------- d-----w- c:\windows\PCHEALTH
2014-08-12 14:51 . 2014-08-12 14:51 -------- d-----w- c:\program files\Microsoft Office
2014-08-12 14:51 . 2014-08-12 14:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-08-12 14:50 . 2014-08-12 14:50 -------- d-----w- c:\users\Hanule\AppData\Local\Microsoft Help
2014-08-12 14:50 . 2014-08-12 14:59 -------- d-----w- c:\programdata\Microsoft Help
2014-08-12 14:49 . 2014-08-12 14:49 -------- d-----r- C:\MSOCache
2014-08-03 19:04 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-03 19:04 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-03 19:04 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-03 19:04 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-03 19:03 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-03 19:03 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-03 19:03 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-03 19:03 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-03 19:03 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-03 19:03 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-03 19:03 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-03 19:03 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-03 19:03 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-03 19:03 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-03 10:51 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-02 16:39 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-08-02 16:39 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-08-02 16:39 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-08-02 16:39 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-08-02 16:39 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-08-02 16:39 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-08-02 16:39 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-08-02 16:39 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-08-02 16:39 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-08-02 16:39 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-08-02 16:39 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-08-02 16:39 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-08-01 15:58 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-01 15:58 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-08-01 15:58 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-01 15:58 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-08-01 15:57 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-08-01 15:44 . 2014-08-01 15:44 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 07:20 . 2014-07-16 18:43 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-01 11:01 . 2014-08-01 11:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-08-01 11:01 . 2014-08-01 11:01 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-08-01 11:01 . 2014-08-01 11:01 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-08-01 11:01 . 2014-08-01 11:01 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-08-01 11:01 . 2014-08-01 11:01 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-08-01 11:01 . 2014-08-01 11:01 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-01 11:01 . 2014-08-01 11:01 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-08-01 11:01 . 2014-08-01 11:01 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-08-01 11:01 . 2014-08-01 11:01 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-08-01 11:01 . 2014-08-01 11:01 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-08-01 11:01 . 2014-08-01 11:01 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-08-01 11:01 . 2014-08-01 11:01 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-08-01 11:01 . 2014-08-01 11:01 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-08-01 11:01 . 2014-08-01 11:01 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-08-01 11:01 . 2014-08-01 11:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-08-01 11:01 . 2014-08-01 11:01 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-08-01 11:01 . 2014-08-01 11:01 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-08-01 11:01 . 2014-08-01 11:01 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-08-01 11:01 . 2014-08-01 11:01 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-08-01 11:01 . 2014-08-01 11:01 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-08-01 11:01 . 2014-08-01 11:01 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-08-01 11:01 . 2014-08-01 11:01 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-08-01 11:01 . 2014-08-01 11:01 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-08-01 11:01 . 2014-08-01 11:01 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-08-01 11:01 . 2014-08-01 11:01 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-08-01 11:01 . 2014-08-01 11:01 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-07-30 05:47 . 2014-07-30 05:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-07-30 05:47 . 2014-07-30 05:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-07-30 05:47 . 2014-07-30 05:47 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-07-24 04:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-07-24 04:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-07-23 09:09 . 2014-07-23 09:05 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-23 09:05 . 2014-07-23 09:05 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-07-23 09:05 . 2014-07-23 09:05 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-23 09:05 . 2014-07-23 09:05 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-23 09:05 . 2014-07-23 09:05 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-23 09:05 . 2014-07-23 09:05 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-23 09:05 . 2014-07-23 09:05 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-23 09:05 . 2014-07-23 09:05 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-23 09:05 . 2014-07-23 09:05 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-23 09:05 . 2014-07-23 09:05 43152 ----a-w- c:\windows\avastSS.scr
2014-07-18 08:51 . 2014-07-18 08:51 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 08:51 . 2014-07-18 08:51 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 18:56 . 2014-07-16 18:56 44032 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2014-07-16 18:56 . 2014-07-16 18:56 10752 ----a-w- c:\windows\system32\AmUStor.dll
2014-07-16 18:52 . 2010-08-24 15:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2014-07-16 18:22 . 2010-10-14 22:28 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2014-07-16 18:22 . 2010-10-14 22:27 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2014-07-16 18:22 . 2011-01-27 07:05 92672 ----a-w- c:\windows\system32\igfxCoIn_v2291.dll
2014-07-16 18:22 . 2011-02-10 11:49 167960 ----a-w- c:\windows\system32\igfxtray.exe
2014-07-16 18:22 . 2011-02-10 11:48 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
2014-07-16 18:22 . 2011-02-10 11:48 418328 ----a-w- c:\windows\system32\igfxpers.exe
2014-07-16 18:22 . 2011-02-10 11:48 239128 ----a-w- c:\windows\system32\igfxext.exe
2014-07-16 18:22 . 2011-01-27 06:55 960940 ----a-w- c:\windows\system32\igkrng600.bin
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2014-07-16 18:22 . 2011-01-27 06:25 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2014-07-16 18:22 . 2011-01-27 06:25 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2014-07-16 18:22 . 2011-01-27 06:25 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2014-07-16 18:22 . 2011-01-27 06:25 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2014-07-16 18:22 . 2011-01-27 06:25 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2014-07-16 18:22 . 2011-01-27 06:25 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2014-07-16 18:22 . 2011-01-27 06:25 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-03 2694040]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-03 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:4c9d5938 /wow /dir:C:\Program
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-27 14:18 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18 08:51]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23 09:06]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-23 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-06-25 14:51 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-23 09:05 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-07-16 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-07-16 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-07-16 418328]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2014-07-16 324096]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SC-Print A Msgsrv"="c:\program files\SC-Print A\Msgsrv.exe" [2010-12-13 66560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.16.121.1 84.16.96.2
TCP: Interfaces\{62FE8E15-A8B1-4818-B6E7-A783AA3DB6EC}: NameServer = 169.254.1.1
FF - ProfilePath - c:\users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2014-08-31 16:43:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-31 14:43
ComboFix2.txt 2014-08-31 10:36
ComboFix3.txt 2014-08-29 05:26
.
Před spuštěním: Volných bajtů: 578 727 378 944
Po spuštění: Volných bajtů: 578 627 653 632
.
- - End Of File - - 32DD148B60EC2B38034888B6B0664010
A36C5E4F47E84449FF07ED3517B43A31
Přílohy
screen.jpg
screen.jpg (38.25 KiB) Zobrazeno 2706 x
Nahoru
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

Re: BV: Autorun-R

#12 Příspěvek od Hanule91 »

Je možné aplikovat tento postup?

http://forum.viry.cz/viewtopic.php?f=13&t=120767

Opravdu bych se ráda vyhnula formátu PC. Děkuju
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: BV: Autorun-R

#13 Příspěvek od vyosek »

Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Hanule91
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 29 srp 2014 06:33

Re: BV: Autorun-R

#14 Příspěvek od Hanule91 »

Zde je log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Hanule (administrator) on ASUS on 01-09-2014 09:41:55
Running from C:\Users\Hanule\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\SC-Print A\Msgsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Hanule\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2014-07-16] (Alcor Micro Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SC-Print A Msgsrv] => C:\Program Files\SC-Print A\Msgsrv.exe [66560 2010-12-13] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-08] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * aswBoot.exe /M:4c9d5938 /wow /dir:C:\Program

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {C9EC6BD9-A9F4-4083-9724-A8CFF20F4E5F} URL = https://search.yahoo.com/search?fr=chr- ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 84.16.121.1 84.16.96.2
Tcpip\..\Interfaces\{62FE8E15-A8B1-4818-B6E7-A783AA3DB6EC}: [NameServer] 169.254.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default
FF Homepage: hxxp://gmail.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: YouTube to MP3 - C:\Users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-23]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchProvider: Default -> Yahoo
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr- ... earchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?outp ... earchTerms}
CHR Profile: C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-23]
CHR Extension: (Disk Google) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-23]
CHR Extension: (YouTube) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-23]
CHR Extension: (Vyhledávání Google) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-23]
CHR Extension: (avast! Online Security) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-26]
CHR Extension: (Peněženka Google) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-26]
CHR Extension: (Gmail) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-23] (AVAST Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-23] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [56320 2011-04-08] (Fresco Logic)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [288792 2008-07-01] (silex technology, Inc.)
S1 tmdibcvy; C:\Windows\system32\drivers\tmdibcvy.sys [55104 2014-09-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 09:41 - 2014-09-01 09:42 - 00016601 _____ () C:\Users\Hanule\Desktop\FRST.txt
2014-09-01 09:41 - 2014-09-01 09:42 - 00000000 ____D () C:\FRST
2014-09-01 09:39 - 2014-09-01 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\Hanule\Desktop\FRSTLauncher.exe
2014-09-01 09:38 - 2014-09-01 09:38 - 02104832 _____ (Farbar) C:\Users\Hanule\Desktop\FRST64.exe
2014-09-01 09:36 - 2014-09-01 09:36 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tmdibcvy.sys
2014-09-01 09:15 - 2014-09-01 09:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hanule\Downloads\tdsskiller.exe
2014-08-31 20:49 - 2014-08-31 20:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-31 20:49 - 2014-08-31 20:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-31 17:34 - 2014-08-31 17:34 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-31 17:34 - 2014-08-31 17:34 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-08-31 17:34 - 2014-08-31 17:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-31 17:34 - 2014-08-31 17:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-31 17:33 - 2014-08-31 17:33 - 13850816 _____ (Microsoft Corporation) C:\Users\Hanule\Downloads\mseinstall.exe
2014-08-31 17:32 - 2014-08-31 17:32 - 00000000 ___SD () C:\ComboFix
2014-08-31 16:45 - 2014-08-31 16:45 - 00028891 _____ () C:\Users\Hanule\Desktop\vystup.txt
2014-08-31 12:08 - 2014-08-31 12:08 - 05576326 ____R (Swearware) C:\Users\Hanule\Desktop\ComboFix.exe
2014-08-29 14:15 - 2014-08-29 14:15 - 00002503 _____ () C:\Users\Hanule\Desktop\AdwCleaner[S0].txt
2014-08-29 14:06 - 2014-08-29 18:51 - 00000000 ____D () C:\AdwCleaner
2014-08-29 13:45 - 2014-08-29 13:45 - 00572775 _____ () C:\Users\Hanule\Desktop\Svěráky pro vertikální soustruhy.pptx
2014-08-29 10:23 - 2014-08-29 10:23 - 01364531 _____ () C:\Users\Hanule\Desktop\adwcleaner_3.308.exe
2014-08-29 08:20 - 2014-08-29 08:20 - 00001038 _____ () C:\Users\Hanule\Desktop\PSPad Editor.lnk
2014-08-29 07:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 07:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-29 07:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-29 07:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-29 07:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-29 07:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-29 07:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-29 07:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-29 07:14 - 2014-08-31 17:32 - 00000000 ____D () C:\Qoobox
2014-08-29 07:14 - 2014-08-31 12:28 - 00000000 ____D () C:\Windows\erdnt
2014-08-28 14:19 - 2014-08-29 14:10 - 00000000 ____D () C:\Windows\system32\log
2014-08-28 14:17 - 2014-08-28 14:18 - 12925224 _____ (Elex do Brasil Participações Ltda) C:\Users\Hanule\Downloads\yet_another_cleaner_sk.exe
2014-08-28 07:21 - 2014-08-28 07:21 - 00025550 _____ () C:\Users\Hanule\Downloads\mail_merge-3.8.0-tb+sm.xpi
2014-08-28 07:19 - 2014-08-28 11:45 - 00002791 _____ () C:\Users\Hanule\Desktop\adres.csv
2014-08-28 06:43 - 2014-08-28 07:11 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\Skype
2014-08-28 06:43 - 2014-08-28 06:43 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Skype
2014-08-28 06:42 - 2014-08-28 06:43 - 00000000 ____D () C:\ProgramData\Skype
2014-08-28 06:42 - 2014-08-28 06:42 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-28 06:42 - 2014-08-28 06:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 06:42 - 2014-08-28 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-28 06:40 - 2014-08-28 06:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Hanule\Downloads\SkypeSetup.exe
2014-08-28 06:24 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:24 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 06:24 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 11:35 - 2014-08-27 13:39 - 00015190 _____ () C:\Users\Hanule\Desktop\seznam_fy_2808.xlsx
2014-08-27 06:34 - 2014-08-27 06:35 - 00000000 ____D () C:\Users\Hanule\Downloads\pro katalog
2014-08-26 17:33 - 2014-08-31 16:25 - 00000000 ____D () C:\Users\Hanule\Desktop\Timková_srpen 2014
2014-08-25 20:08 - 2014-08-25 20:08 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 20:08 - 2014-08-25 20:08 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\vlc
2014-08-25 20:08 - 2014-08-25 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 20:07 - 2014-08-25 20:07 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 17:07 - 2014-08-25 17:08 - 31206605 _____ () C:\Users\Hanule\Downloads\vlc-setup.exe
2014-08-25 17:06 - 2014-08-25 17:06 - 24735966 _____ () C:\Users\Hanule\Downloads\vlc-2.1.5-win32.exe.part
2014-08-25 15:40 - 2014-08-25 16:35 - 495369652 _____ () C:\Users\Hanule\Downloads\Frozen-CZ-tit-iTunes-ready-FullHD.mp4
2014-08-25 12:06 - 2014-08-25 12:06 - 00000000 __SHD () C:\Users\Hanule\AppData\Local\EmieUserList
2014-08-25 12:06 - 2014-08-25 12:06 - 00000000 __SHD () C:\Users\Hanule\AppData\Local\EmieSiteList
2014-08-23 06:30 - 2014-08-23 06:31 - 62719361 _____ () C:\Users\Hanule\Downloads\vnoučata s prarodiči.zip
2014-08-21 11:56 - 2014-08-21 13:34 - 00000000 ____D () C:\Users\Hanule\Desktop\SCREEN
2014-08-20 15:57 - 2014-08-25 16:47 - 00000000 ____D () C:\Users\Hanule\Downloads\zasilka-AI5VZV25AT28P6XI
2014-08-20 15:53 - 2014-08-20 15:56 - 377428240 _____ () C:\Users\Hanule\Downloads\zasilka-AI5VZV25AT28P6XI.zip
2014-08-20 10:31 - 2014-08-20 10:32 - 00000000 ____D () C:\Users\Hanule\Desktop\HUDBA
2014-08-19 20:14 - 2014-08-20 20:41 - 11414688 _____ () C:\Users\Hanule\Desktop\emauzy3.psd
2014-08-19 15:55 - 2014-08-19 15:55 - 00000000 ____D () C:\Users\Hanule\Downloads\fwdfoto(1)
2014-08-19 15:55 - 2014-08-19 15:55 - 00000000 ____D () C:\Users\Hanule\Downloads\fwdfoto
2014-08-19 14:51 - 2014-08-19 14:51 - 00458326 _____ () C:\Users\Hanule\Downloads\fwdfoto(1).zip
2014-08-19 14:50 - 2014-08-19 14:50 - 00645548 _____ () C:\Users\Hanule\Downloads\fwdfoto.zip
2014-08-19 13:06 - 2014-08-19 15:26 - 1229010944 _____ () C:\Users\Hanule\Downloads\Slecna-Drsnak---CZ-dvdrip.avi
2014-08-19 10:07 - 2014-08-29 08:37 - 00002446 _____ () C:\Users\Hanule\Desktop\Osvědčení o jakosti a kompletnosti – zástupce.lnk
2014-08-19 08:21 - 2014-08-19 08:21 - 00000000 ____D () C:\Users\Hanule\Desktop\KATALOGY
2014-08-18 09:52 - 2014-08-31 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-16 16:24 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 16:24 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 16:24 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 16:24 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 16:24 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 16:24 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 16:23 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 16:23 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 10:34 - 2014-08-21 12:05 - 00000000 ____D () C:\Users\Hanule\Desktop\EMAUZY
2014-08-14 06:06 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 06:06 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 06:06 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 06:06 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 06:06 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 06:06 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 06:06 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 06:06 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 06:06 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 06:06 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 06:06 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 06:06 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 06:06 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 06:06 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 06:05 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 06:05 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 06:05 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 06:05 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 06:05 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 06:05 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 06:05 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 06:05 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 06:05 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 06:05 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 06:05 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 06:05 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 06:05 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 06:05 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 06:05 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 06:05 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 06:05 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 06:05 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 06:05 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 06:05 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 06:05 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 06:05 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 06:05 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 06:05 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 06:05 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 06:05 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 06:05 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 06:05 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 06:05 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 06:05 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 06:05 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 06:05 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 06:05 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 06:05 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 06:05 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 06:05 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 06:05 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 06:05 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 06:05 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 06:05 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 06:05 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 06:05 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 06:05 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 06:05 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 06:05 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 06:05 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 06:05 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 06:05 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 06:05 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 06:05 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 06:05 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 06:05 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 06:05 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 06:05 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 06:05 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 06:05 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 06:05 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 06:05 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 06:05 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 06:05 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 06:05 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 06:05 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 06:05 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 06:05 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 06:05 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 06:05 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 06:02 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 06:02 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 06:02 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 06:02 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 16:59 - 2014-08-12 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-12 16:56 - 2014-08-31 20:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-12 16:55 - 2014-08-12 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-08-12 16:54 - 2014-08-12 16:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-08-12 16:50 - 2014-08-31 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 16:50 - 2014-08-12 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-12 16:50 - 2014-08-12 16:50 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Microsoft Help
2014-08-12 16:49 - 2014-08-12 16:49 - 00000000 ___RD () C:\MSOCache
2014-08-10 19:11 - 2014-08-19 19:30 - 00000000 ____D () C:\Users\Hanule\Desktop\Itálie 2014
2014-08-03 21:04 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 21:04 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 21:04 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 21:04 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 21:03 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 21:03 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 21:03 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 21:03 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 21:03 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 21:03 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 21:03 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 21:03 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 21:03 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 21:03 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 12:51 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-08-03 12:46 - 2014-08-03 12:46 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-03 12:46 - 2014-08-03 12:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-03 12:46 - 2014-08-03 12:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-03 12:46 - 2014-08-03 12:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-03 12:46 - 2014-08-03 12:46 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-03 12:46 - 2014-08-03 12:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-03 12:46 - 2014-08-03 12:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-02 18:39 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-08-02 18:39 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-08-02 18:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-02 18:39 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-02 18:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-08-02 18:39 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-08-02 18:39 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-08-02 18:39 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-08-02 18:39 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-08-02 18:39 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-08-02 18:39 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-02 18:39 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 09:42 - 2014-09-01 09:41 - 00016601 _____ () C:\Users\Hanule\Desktop\FRST.txt
2014-09-01 09:42 - 2014-09-01 09:41 - 00000000 ____D () C:\FRST
2014-09-01 09:39 - 2014-09-01 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\Hanule\Desktop\FRSTLauncher.exe
2014-09-01 09:38 - 2014-09-01 09:38 - 02104832 _____ (Farbar) C:\Users\Hanule\Desktop\FRST64.exe
2014-09-01 09:36 - 2014-09-01 09:36 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tmdibcvy.sys
2014-09-01 09:31 - 2014-07-18 10:51 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 09:17 - 2014-07-23 11:06 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 09:16 - 2014-09-01 09:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hanule\Downloads\tdsskiller.exe
2014-09-01 08:25 - 2014-07-16 19:50 - 01057666 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 08:25 - 2009-07-14 06:45 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 08:25 - 2009-07-14 06:45 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 08:17 - 2014-07-23 11:06 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 08:17 - 2014-07-17 22:06 - 00115688 _____ () C:\Users\Hanule\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-01 08:17 - 2009-07-14 06:45 - 00440328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 08:15 - 2014-07-16 20:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-01 08:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 08:15 - 2009-07-14 06:51 - 00027598 _____ () C:\Windows\setupact.log
2014-08-31 20:55 - 2014-08-12 16:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-31 20:51 - 2014-08-12 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-31 20:49 - 2014-08-31 20:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-31 20:49 - 2014-08-31 20:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-31 20:49 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-08-31 20:20 - 2014-07-23 11:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 17:34 - 2014-08-31 17:34 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-31 17:34 - 2014-08-31 17:34 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-08-31 17:34 - 2014-08-31 17:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-31 17:34 - 2014-08-31 17:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-31 17:33 - 2014-08-31 17:33 - 13850816 _____ (Microsoft Corporation) C:\Users\Hanule\Downloads\mseinstall.exe
2014-08-31 17:32 - 2014-08-31 17:32 - 00000000 ___SD () C:\ComboFix
2014-08-31 17:32 - 2014-08-29 07:14 - 00000000 ____D () C:\Qoobox
2014-08-31 16:45 - 2014-08-31 16:45 - 00028891 _____ () C:\Users\Hanule\Desktop\vystup.txt
2014-08-31 16:38 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-31 16:35 - 2014-07-18 14:43 - 00156422 _____ () C:\Windows\PFRO.log
2014-08-31 16:25 - 2014-08-26 17:33 - 00000000 ____D () C:\Users\Hanule\Desktop\Timková_srpen 2014
2014-08-31 12:38 - 2014-08-18 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-31 12:28 - 2014-08-29 07:14 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 12:12 - 2014-07-17 21:21 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Adobe
2014-08-31 12:08 - 2014-08-31 12:08 - 05576326 ____R (Swearware) C:\Users\Hanule\Desktop\ComboFix.exe
2014-08-29 18:51 - 2014-08-29 14:06 - 00000000 ____D () C:\AdwCleaner
2014-08-29 18:26 - 2014-07-30 16:08 - 00000000 ____D () C:\Users\Hanule\Desktop\Formulka
2014-08-29 14:15 - 2014-08-29 14:15 - 00002503 _____ () C:\Users\Hanule\Desktop\AdwCleaner[S0].txt
2014-08-29 14:10 - 2014-08-28 14:19 - 00000000 ____D () C:\Windows\system32\log
2014-08-29 13:45 - 2014-08-29 13:45 - 00572775 _____ () C:\Users\Hanule\Desktop\Svěráky pro vertikální soustruhy.pptx
2014-08-29 13:41 - 2014-07-16 19:59 - 00000000 ____D () C:\Users\Hanule
2014-08-29 13:28 - 2014-07-18 08:29 - 00000000 ____D () C:\Users\Hanule\AppData\Local\CrashDumps
2014-08-29 11:47 - 2009-07-14 17:18 - 00669116 _____ () C:\Windows\system32\perfh005.dat
2014-08-29 11:47 - 2009-07-14 17:18 - 00141744 _____ () C:\Windows\system32\perfc005.dat
2014-08-29 11:47 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-29 10:23 - 2014-08-29 10:23 - 01364531 _____ () C:\Users\Hanule\Desktop\adwcleaner_3.308.exe
2014-08-29 08:37 - 2014-08-19 10:07 - 00002446 _____ () C:\Users\Hanule\Desktop\Osvědčení o jakosti a kompletnosti – zástupce.lnk
2014-08-29 08:37 - 2014-07-23 11:09 - 00002010 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-29 08:37 - 2014-07-18 07:49 - 00002436 _____ () C:\Users\Public\Desktop\Ekonomický systém POHODA 2014 (síťový klient) Komplet.lnk
2014-08-29 08:20 - 2014-08-29 08:20 - 00001038 _____ () C:\Users\Hanule\Desktop\PSPad Editor.lnk
2014-08-29 07:26 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-29 05:59 - 2014-07-29 21:52 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-08-28 14:18 - 2014-08-28 14:17 - 12925224 _____ (Elex do Brasil Participações Ltda) C:\Users\Hanule\Downloads\yet_another_cleaner_sk.exe
2014-08-28 11:45 - 2014-08-28 07:19 - 00002791 _____ () C:\Users\Hanule\Desktop\adres.csv
2014-08-28 07:21 - 2014-08-28 07:21 - 00025550 _____ () C:\Users\Hanule\Downloads\mail_merge-3.8.0-tb+sm.xpi
2014-08-28 07:11 - 2014-08-28 06:43 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\Skype
2014-08-28 06:43 - 2014-08-28 06:43 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Skype
2014-08-28 06:43 - 2014-08-28 06:42 - 00000000 ____D () C:\ProgramData\Skype
2014-08-28 06:42 - 2014-08-28 06:42 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-28 06:42 - 2014-08-28 06:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 06:42 - 2014-08-28 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-28 06:40 - 2014-08-28 06:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Hanule\Downloads\SkypeSetup.exe
2014-08-28 06:27 - 2014-07-21 12:30 - 00000000 ____D () C:\Users\Hanule\AppData\Local\GHISLER
2014-08-27 13:39 - 2014-08-27 11:35 - 00015190 _____ () C:\Users\Hanule\Desktop\seznam_fy_2808.xlsx
2014-08-27 06:35 - 2014-08-27 06:34 - 00000000 ____D () C:\Users\Hanule\Downloads\pro katalog
2014-08-25 20:08 - 2014-08-25 20:08 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 20:08 - 2014-08-25 20:08 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\vlc
2014-08-25 20:08 - 2014-08-25 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-25 20:07 - 2014-08-25 20:07 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-25 17:08 - 2014-08-25 17:07 - 31206605 _____ () C:\Users\Hanule\Downloads\vlc-setup.exe
2014-08-25 17:06 - 2014-08-25 17:06 - 24735966 _____ () C:\Users\Hanule\Downloads\vlc-2.1.5-win32.exe.part
2014-08-25 16:47 - 2014-08-20 15:57 - 00000000 ____D () C:\Users\Hanule\Downloads\zasilka-AI5VZV25AT28P6XI
2014-08-25 16:35 - 2014-08-25 15:40 - 495369652 _____ () C:\Users\Hanule\Downloads\Frozen-CZ-tit-iTunes-ready-FullHD.mp4
2014-08-25 12:06 - 2014-08-25 12:06 - 00000000 __SHD () C:\Users\Hanule\AppData\Local\EmieUserList
2014-08-25 12:06 - 2014-08-25 12:06 - 00000000 __SHD () C:\Users\Hanule\AppData\Local\EmieSiteList
2014-08-23 06:31 - 2014-08-23 06:30 - 62719361 _____ () C:\Users\Hanule\Downloads\vnoučata s prarodiči.zip
2014-08-23 04:07 - 2014-08-28 06:24 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 06:24 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 06:24 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 11:34 - 2014-07-21 11:14 - 00001480 _____ () C:\Users\Hanule\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2014-08-21 13:34 - 2014-08-21 11:56 - 00000000 ____D () C:\Users\Hanule\Desktop\SCREEN
2014-08-21 12:05 - 2014-08-15 10:34 - 00000000 ____D () C:\Users\Hanule\Desktop\EMAUZY
2014-08-21 10:41 - 2014-07-24 08:33 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\XnView
2014-08-21 06:57 - 2014-07-16 21:30 - 00000000 ____D () C:\Users\Hanule\Documents\Bluetooth Folder
2014-08-20 20:41 - 2014-08-19 20:14 - 11414688 _____ () C:\Users\Hanule\Desktop\emauzy3.psd
2014-08-20 15:56 - 2014-08-20 15:53 - 377428240 _____ () C:\Users\Hanule\Downloads\zasilka-AI5VZV25AT28P6XI.zip
2014-08-20 10:32 - 2014-08-20 10:31 - 00000000 ____D () C:\Users\Hanule\Desktop\HUDBA
2014-08-19 19:30 - 2014-08-10 19:11 - 00000000 ____D () C:\Users\Hanule\Desktop\Itálie 2014
2014-08-19 15:55 - 2014-08-19 15:55 - 00000000 ____D () C:\Users\Hanule\Downloads\fwdfoto(1)
2014-08-19 15:55 - 2014-08-19 15:55 - 00000000 ____D () C:\Users\Hanule\Downloads\fwdfoto
2014-08-19 15:26 - 2014-08-19 13:06 - 1229010944 _____ () C:\Users\Hanule\Downloads\Slecna-Drsnak---CZ-dvdrip.avi
2014-08-19 14:51 - 2014-08-19 14:51 - 00458326 _____ () C:\Users\Hanule\Downloads\fwdfoto(1).zip
2014-08-19 14:50 - 2014-08-19 14:50 - 00645548 _____ () C:\Users\Hanule\Downloads\fwdfoto.zip
2014-08-19 13:09 - 2014-07-17 21:16 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Thunderbird
2014-08-19 08:21 - 2014-08-19 08:21 - 00000000 ____D () C:\Users\Hanule\Desktop\KATALOGY
2014-08-18 20:57 - 2014-07-16 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-18 09:02 - 2014-07-24 08:33 - 00001793 _____ () C:\Users\Hanule\Desktop\XnView.lnk
2014-08-18 09:02 - 2014-07-24 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-08-18 09:02 - 2014-07-24 08:33 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-08-17 11:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 16:22 - 2014-07-20 09:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 07:27 - 2014-07-17 22:06 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-12 16:59 - 2014-08-12 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-12 16:56 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-08-12 16:55 - 2014-08-12 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-08-12 16:55 - 2014-08-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-12 16:55 - 2009-07-14 17:36 - 00000000 ____D () C:\Windows\ShellNew
2014-08-12 16:54 - 2014-08-12 16:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-12 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-08-12 16:50 - 2014-08-12 16:50 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Microsoft Help
2014-08-12 16:49 - 2014-08-12 16:49 - 00000000 ___RD () C:\MSOCache
2014-08-07 04:06 - 2014-08-14 06:02 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 06:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 18:06 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-03 20:56 - 2014-07-16 20:00 - 00001397 _____ () C:\Users\Hanule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 12:51 - 2014-08-01 12:57 - 00018282 _____ () C:\Windows\IE11_main.log
2014-08-03 12:46 - 2014-08-03 12:46 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-03 12:46 - 2014-08-03 12:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-03 12:46 - 2014-08-03 12:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-03 12:46 - 2014-08-03 12:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-03 12:46 - 2014-08-03 12:46 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-03 12:46 - 2014-08-03 12:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-03 12:46 - 2014-08-03 12:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-03 12:46 - 2014-08-03 12:46 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-03 12:46 - 2014-08-03 12:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-03 12:37 - 2014-07-16 20:43 - 01560204 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-02 09:55 - 2009-07-14 17:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-02 09:55 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-08-02 09:55 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-08-02 09:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-08-02 09:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-08-02 09:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-02 09:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-08-02 09:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-08-02 09:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\system32\Drivers\tmdibcvy.sys:changelist

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Hanule\Desktop" je 1465 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Přílohy
Addition.rar
(8.34 KiB) Staženo 84 x
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: BV: Autorun-R

#15 Příspěvek od vyosek »

:arrow: Odinstalujte Microsoft Security Client, jinak bude kolidovat s Avastem

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

SearchScopes: HKCU - {C9EC6BD9-A9F4-4083-9724-A8CFF20F4E5F} URL = https://search.yahoo.com/search?fr=chr- ... =501549&p={searchTerms}

FF SearchPlugin: C:\Users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\7qgwyjgz.default\searchplugins\yahoo_ff.xml

CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchProvider: Default -> Yahoo
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr- ... =501549&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?outp ... n&command={searchTerms}

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2014-09-01 09:39 - 2014-09-01 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\Hanule\Desktop\FRSTLauncher.exe
2014-09-01 09:36 - 2014-09-01 09:36 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tmdibcvy.sys
2014-09-01 09:15 - 2014-09-01 09:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hanule\Downloads\tdsskiller.exe
2014-08-31 16:45 - 2014-08-31 16:45 - 00028891 _____ () C:\Users\Hanule\Desktop\vystup.txt
2014-08-29 14:15 - 2014-08-29 14:15 - 00002503 _____ () C:\Users\Hanule\Desktop\AdwCleaner[S0].txt
2014-08-29 14:06 - 2014-08-29 18:51 - 00000000 ____D () C:\AdwCleaner
2014-08-28 14:17 - 2014-08-28 14:18 - 12925224 _____ (Elex do Brasil Participações Ltda) C:\Users\Hanule\Downloads\yet_another_cleaner_sk.exe
C:\Windows\system32\Drivers\tmdibcvy.sys

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Windows\system32\Drivers\tmdibcvy.sys:changelist

Hosts:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“