
Bad Image error - SOS !!!

Martina.Br.
Guest
Posts: 18
Registered: 13 Jan 2015 20:13

Bad Image error - SOS !!!

#1 Post by Martina.Br. »

Hi! Please help me.. this window popped up:

dllhost.exe chybná bitová kopie
c:/windows/system32/FlashPlayerCPLApp.cpl

Some more info - nothing works for me... opening files, the internet, photos.. every time I get this window (Office programs do work, though..). It's a laptop, and it has been terribly slow for quite a while now...
And I'm a complete computer illiterate... :-)

RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2015-01-13 20:09:07
Microsoft Windows 7 Home Premium
System drive C: has 73 GB (31%) free of 238 GB
Total RAM: 3958 MB (57% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job - C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job - C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\OptimizerProUpdaterLogonTask.job - C:\ProgramData\OptimizerPro\ix_updater.exe /schedule /profilepath "C:\ProgramData\OptimizerPro\profile.ini"
C:\Windows\tasks\OptimizerProUpdaterRefreshTask.job - C:\ProgramData\OptimizerPro\ix_updater.exe /profilepath "C:\ProgramData\OptimizerPro\profile.ini"
C:\Windows\tasks\RegistryBooster.job - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\tasks\Security Center Update - 3425793768.job - C:\Users\admin\AppData\Roaming\Kubuadm\gefopo.exe
C:\Windows\tasks\Security Center Update - 3741571091.job - C:\Users\admin\AppData\Roaming\Kyyhuz\tityidy.exe
C:\Windows\tasks\Security Center Update - 3998176165.job - C:\Users\admin\AppData\Roaming\Ixyqqa\mupuq.exe
C:\Windows\tasks\Security Center Update - 514026233.job - C:\Users\admin\AppData\Roaming\Ykqopise\igiqep.exe
C:\Windows\tasks\Security Center Update - 591574539.job - C:\Users\admin\AppData\Roaming\Ilunir\qyyvpae.exe
C:\Windows\tasks\Security Center Update - 607701921.job - C:\Users\admin\AppData\Roaming\Momawei\enqugu.exe
C:\Windows\tasks\WxDFastUpdaterLogonTask.job - C:\ProgramData\WxDFastUpdater\ix_updater.exe /schedule /profilepath "C:\ProgramData\WxDFastUpdater\profile.ini"
C:\Windows\tasks\WxDFastUpdaterRefreshTask.job - C:\ProgramData\WxDFastUpdater\ix_updater.exe /profilepath "C:\ProgramData\WxDFastUpdater\profile.ini"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-12-05 382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-04-12 45568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-19 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{990A8747-93BF-4EF7-B72E-94A6884B98C2}]
STATISTICA Browser Helper - C:\Program Files\StatSoft\STATISTICA 12\Support\StaBHO.dll [2013-04-01 232448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-19 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}]
SmileysWeLoveToolbar - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll []
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]
{CF0F43AB-9C23-4D7B-8040-201B82844854} - SmileysWeLove - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-08 98304]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2010-12-05 274608]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"ROC_ROC_JULY_P1"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1 []
"Family Tree Builder Update"=C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2014-11-24 2039192]
"CrashReportNotifyer"=C:\Users\admin\AppData\Local\Temp\temp1268733068.exe [2015-01-13 1403392]
"TimeChecker"=C:\Program Files (x86)\Microsoft Office\Office12\launch.exe [2006-10-26 1403392]
"VideoVerifyer"=C:\Program Files (x86)\Java\jre6\bin\jucheck.exe [2010-03-11 1403392]
"FolderVerifyer"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\wisptis.exe [2015-01-04 1403392]
"NetworkChecker"=C:\Program Files (x86)\Java\jre7\bin\convert.exe [2015-01-04 1403392]
"MediaNotifyer"=C:\Windows\unpack.exe [2011-04-27 1403392]
"VideoSaver"=C:\Program Files (x86)\Java\jre6\bin\lucoms.exe [2010-03-11 1403392]
"FolderUpdater"=C:\Program Files (x86)\Java\jre7\bin\hkcr.exe [2015-01-04 1403392]
"MediaVerifyer"=C:\Windows\iexplore.exe [2011-04-27 1403392]
"ConnectionChecker"=C:\Program Files (x86)\Java\jre7\bin\jucheck.exe [2015-01-04 1403392]
"FolderChecker"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\hkcr.exe [2015-01-04 1403392]
"ConnectionSaver"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\winlogon.exe [2015-01-04 1403392]
"NetworkNotifyer"=C:\Windows\hkcr.exe [2011-04-27 1403392]
"NetworkInformer"=C:\Windows\wisptis.exe [2011-04-27 1403392]
"x86kernel2"=c:\42686079\svchost.exe [2015-01-06 78505]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"14207"=C:\PROGRA~3\LOCALS~1\Temp\msiwkmui.com [2009-07-14 151552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\admin\AppData\Roaming\QipGuard\QipGuard.exe [2010-04-12 181760]
"RegistryBooster"=C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe delay 20000 []
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"Facebook Update"=C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20 138096]
"Pokki"=C:\Users\admin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [2015-01-01 10232648]
"UpdateChecker"=C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe [2013-08-25 7168]
"Ipgz"=rundll32 C:\Users\admin\AppData\Roaming\da-DK4.dll,Vogd []
"ifvnmor"=rundll32 C:\Users\admin\AppData\Local\ifvnmor.dll,ifvnmor []
"Svc2dll"=C:\Users\admin\AppData\Local\svcxdcl32.exe [2014-12-27 137728]
""=C:\Users\admin\AppData\Local\gpSYIHaammVRyNy.exe []
"bimouri"=rundll32 C:\Users\admin\AppData\Local\bimouri.dll,bimouri []
"JuseZvucu"=regsvr32.exe C:\ProgramData\JuseZvucu\BaqoFcus.xqd []
"CrashReportNotifyer"=C:\Users\admin\AppData\Local\Temp\temp1268733068.exe [2015-01-13 1403392]
"x86kernel2"=c:\42686079\svchost.exe [2015-01-06 78505]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cmjahae]
C:\Windows\system32\config\systemprofile\AppData\Local\cmjahae.dll [2015-01-12 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cnjahae]
C:\Windows\system32\config\systemprofile\AppData\Local\cnjahae.dll [2015-01-11 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\laominx]
C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dll [2015-01-04 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\laymegx]
C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll [2015-01-06 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\megxlay]
C:\Windows\system32\config\systemprofile\AppData\Local\megxlay.dll [2015-01-07 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmeglay]
C:\Windows\system32\config\systemprofile\AppData\Local\xmeglay.dll [2015-01-08 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=L3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIV3"=DivXc32.dll
"vidc.DIV4"=DivXc32f.dll
"msacm.divxa32"=DivXa32.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 month======

2015-01-13 20:09:08 ----D---- C:\Program Files (x86)\trend micro
2015-01-13 20:09:07 ----D---- C:\rsit
2015-01-13 17:43:08 ----D---- C:\ProgramData\Local Settings
2015-01-11 13:03:49 ----A---- C:\Windows\SysWOW64\ixykwuot.exe
2015-01-11 13:03:47 ----D---- C:\Users\admin\AppData\Roaming\Kubuadm
2015-01-08 14:57:41 ----A---- C:\Windows\SysWOW64\weirkay.exe
2015-01-08 14:57:40 ----D---- C:\Users\admin\AppData\Roaming\Ixyqqa
2015-01-08 09:09:00 ----D---- C:\Users\admin\AppData\Roaming\Ykqopise
2015-01-08 09:09:00 ----A---- C:\Windows\SysWOW64\fautkotybi.exe
2015-01-07 08:56:24 ----D---- C:\Users\admin\AppData\Roaming\Momawei
2015-01-07 08:56:24 ----A---- C:\Windows\SysWOW64\xireab.exe
2015-01-07 08:52:09 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-01-07 08:49:19 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-01-06 17:33:29 ----D---- C:\Users\admin\AppData\Roaming\42686079
2015-01-06 08:55:47 ----D---- C:\42686079
2015-01-06 08:21:07 ----D---- C:\Windows\SysWOW64\????sers
2015-01-03 21:26:27 ----A---- C:\Users\admin\AppData\Roaming\ScanDisc.exe
2014-12-24 14:40:27 ----A---- C:\Users\admin\AppData\Roaming\svcxdcl32.exe
2014-12-23 14:44:43 ----D---- C:\Users\admin\AppData\Roaming\CrystalIdea Software
2014-12-22 23:01:51 ----A---- C:\Windows\fjEeGHhRviMexXc.exe
2014-12-19 19:02:59 ----D---- C:\ProgramData\AskPartnerNetwork
2014-12-19 19:02:59 ----D---- C:\Program Files (x86)\AskPartnerNetwork
2014-12-19 19:02:49 ----D---- C:\ProgramData\APN
2014-12-19 19:00:45 ----D---- C:\Program Files (x86)\Common Files\Java
2014-12-19 18:59:57 ----D---- C:\ProgramData\Oracle
2014-12-18 20:35:59 ----D---- C:\Users\admin\AppData\Roaming\Ilunir
2014-12-18 20:34:36 ----D---- C:\ProgramData\JuseZvucu
2014-12-16 20:12:57 ----SHD---- C:\found.000
2014-12-15 20:49:20 ----D---- C:\Users\admin\AppData\Roaming\Kyyhuz
2014-12-15 20:47:56 ----D---- C:\ProgramData\vrxkwql

======List of files/folders modified in the last 1 month======

2015-01-13 20:09:10 ----D---- C:\Windows\Temp
2015-01-13 20:09:08 ----RD---- C:\Program Files (x86)
2015-01-13 20:09:01 ----D---- C:\Windows\SysWOW64
2015-01-13 20:06:02 ----D---- C:\Windows
2015-01-13 20:04:55 ----D---- C:\Windows\inf
2015-01-13 20:04:33 ----D---- C:\Windows\Tasks
2015-01-13 19:59:16 ----D---- C:\Windows\SoftwareDistribution
2015-01-13 19:59:16 ----D---- C:\Windows\Minidump
2015-01-13 19:18:33 ----D---- C:\Users\admin\AppData\Roaming\BitTorrent
2015-01-13 19:18:32 ----D---- C:\Users\admin\AppData\Roaming\Babylon
2015-01-13 19:18:31 ----RD---- C:\Users
2015-01-13 19:18:23 ----D---- C:\Users\admin\AppData\Roaming\Mozilla
2015-01-13 19:18:04 ----D---- C:\Users\admin\AppData\Roaming\MyHeritage
2015-01-13 19:17:57 ----D---- C:\Users\admin\AppData\Roaming\Uniblue
2015-01-13 19:17:56 ----D---- C:\Users\admin\AppData\Roaming\YoudaGames
2015-01-13 19:17:48 ----D---- C:\Users\admin\AppData\Roaming\Real
2015-01-13 19:17:45 ----D---- C:\Users\admin\AppData\Roaming\Adobe
2015-01-13 19:17:41 ----D---- C:\Users\admin\AppData\Roaming\Samsung
2015-01-13 19:17:40 ----D---- C:\Users\admin\AppData\Roaming\Skype
2015-01-13 19:17:36 ----D---- C:\Users\admin\AppData\Roaming\Toshiba
2015-01-13 19:17:17 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2015-01-13 19:17:16 ----D---- C:\Users\admin\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2015-01-13 19:16:50 ----D---- C:\Windows\Prefetch
2015-01-13 19:13:17 ----D---- C:\Program Files (x86)\ChatZum Toolbar
2015-01-13 19:12:21 ----D---- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-13 19:12:02 ----D---- C:\PC TRANSLATOR DEMO
2015-01-13 19:11:28 ----D---- C:\Program Files (x86)\eBay
2015-01-13 17:46:45 ----D---- C:\Works
2015-01-13 17:46:33 ----HD---- C:\ProgramData
2015-01-13 17:45:58 ----D---- C:\ProgramData\wxDfast
2015-01-13 17:45:57 ----SD---- C:\ProgramData\Microsoft
2015-01-13 17:45:57 ----D---- C:\ProgramData\MyHeritage
2015-01-13 17:45:56 ----D---- C:\ProgramData\TOSHIBA
2015-01-13 17:45:56 ----D---- C:\ProgramData\Skype
2015-01-13 17:45:56 ----D---- C:\ProgramData\SiteAdvisor
2015-01-13 17:45:55 ----D---- C:\Toshiba
2015-01-13 17:45:55 ----D---- C:\ProgramData\DivX
2015-01-13 17:45:41 ----RD---- C:\Program Files (x86)\Skype
2015-01-13 17:45:41 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2015-01-13 17:45:41 ----D---- C:\Program Files (x86)\Miranda IM
2015-01-13 17:45:35 ----D---- C:\Program Files (x86)\Microsoft Works
2015-01-13 17:45:20 ----D---- C:\Program Files (x86)\MediaMonkey
2015-01-13 17:45:14 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2015-01-13 17:45:04 ----D---- C:\Program Files (x86)\ATI Technologies
2015-01-13 17:44:43 ----D---- C:\Program Files (x86)\Toshiba TEMPRO
2015-01-13 17:44:40 ----SHD---- C:\$RECYCLE.BIN
2015-01-13 17:44:37 ----D---- C:\ProgramData\Partner
2015-01-13 17:37:48 ----A---- C:\Windows\SysWOW64\log.txt
2015-01-12 15:03:19 ----SHD---- C:\System Volume Information
2015-01-12 13:57:31 ----A---- C:\Users\admin\AppData\Roaming\HELP_DECRYPT.TXT.wdfljvj
2015-01-07 18:39:23 ----SHD---- C:\Config.Msi
2015-01-07 08:53:37 ----SHD---- C:\Windows\Installer
2015-01-07 08:52:10 ----RD---- C:\Program Files
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Reference Assemblies
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Realtek WLAN Driver
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Realtek
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Real
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\QIP 2010
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\QIP
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Pidgin
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Photo Story 3 for Windows
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Nero
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\MSXML 4.0
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\MSBuild
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Office
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Games
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\MarkAny
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Java
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Internet Explorer
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Intel
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Google
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Electronic Arts
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\EA GAMES
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\DivX
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Conduit
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\xing shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Toshiba Shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\System
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\SpeechEngines
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Skype
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Services
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\postureAgent
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Adobe
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Adobe
2014-12-19 19:00:12 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys []
R0 NBVol;Nero Backup Volume Filter Driver; C:\Windows\system32\DRIVERS\NBVol.sys []
R0 NBVolUp;Nero Backup Volume Upper Filter Driver; C:\Windows\system32\DRIVERS\NBVolUp.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys []
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
S1 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [2006-07-24 5632]
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\Windows\system32\drivers\btserial.sys [2004-11-29 23271]
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\Windows\system32\drivers\btslbcsp.sys [2004-11-29 222876]
S3 a631uscf;a631uscf; C:\Windows\SysWOW64\drivers\a631uscf.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 225280]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-03-31 16392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-11-24 166296]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 107912]
S2 SecurityCenterServer3425793768;Security Center Server - 3425793768; C:\Windows\SysWOW64\ixykwuot.exe [2014-02-24 507576]
S2 SecurityCenterServer3998176165;Security Center Server - 3998176165; C:\Windows\SysWOW64\weirkay.exe [2014-01-19 509100]
S2 SecurityCenterServer514026233;Security Center Server - 514026233; C:\Windows\SysWOW64\fautkotybi.exe [2011-01-16 508951]
S2 SecurityCenterServer607701921;Security Center Server - 607701921; C:\Windows\SysWOW64\xireab.exe [2014-07-31 505504]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-07-02 42360]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Bad Image - SOS !!!

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click first on >Scan< and then on >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

Martina.Br.
Guest
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#3 Post by Martina.Br. »

Sorry it's taking so long.. but I have to do everything through a flash drive..

so:

# AdwCleaner v4.107 - Report created 13/01/2015 at 20:50:29
# Updated 07/01/2015 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium (64 bits)
# Username : admin - ADMIN-TOSH
# Running from : I:\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\wxDfast
Folder Deleted : C:\ProgramData\OptimizerPro
Folder Deleted : C:\ProgramData\WxDFastUpdater
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\ChatZum Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\SqueakyChocolate
Folder Deleted : C:\Users\admin\AppData\Local\Temp\apn
Folder Deleted : C:\Users\admin\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\admin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\admin\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\admin\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgfphmgkdjeeickfnjgdbgkbchijina
File Deleted : C:\chatzum_nt.exe
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\ask-search.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\Conduit.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin.src
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\qip-search.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\search.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\searchplugins\search-safer.xml
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0.localstorage
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage-journal
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : RegistryBooster

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocgfphmgkdjeeickfnjgdbgkbchijina
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\ChatZum Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WxDFastUpdater

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16455

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v34.0.5 (x86 cs)


-\\ Google Chrome v39.0.2171.95

[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={EE7586A7-2074-4D96-AF0C-3DD9172EBE30}&mid=2f943f3bac4b4e6dbbc5ffdf97e2d424-21952f86aa3c2ae254ac3f60a4fa51fa3423fef7&lang=en&ds=pl011&pr=sa&d=2012-05-03 22:05:31&v=12.2.5.32&sap=dsp&q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112465&tt=3012_2&babsrc=SP_ss&mntrId=0881377f00000000000070f1a1466265
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112465&tt=3012_2&babsrc=SP_ss&mntrId=0881377f00000000000070f1a1466265

*************************

AdwCleaner[R0].txt - [18355 octets] - [13/01/2015 20:43:21]
AdwCleaner[R1].txt - [18416 octets] - [13/01/2015 20:47:45]
AdwCleaner[S0].txt - [15582 octets] - [13/01/2015 20:50:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15643 octets] ##########

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Bad Image - SOS !!!

#4 Post by Rudy »

Post a new RSIT log.

Martina.Br.
Guest
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#5 Post by Martina.Br. »

Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2015-01-13 21:28:57
Microsoft Windows 7 Home Premium
System drive C: has 74 GB (31%) free of 238 GB
Total RAM: 3958 MB (50% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job - C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job - C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\OptimizerProUpdaterLogonTask.job - C:\ProgramData\OptimizerPro\ix_updater.exe /schedule /profilepath "C:\ProgramData\OptimizerPro\profile.ini"
C:\Windows\tasks\OptimizerProUpdaterRefreshTask.job - C:\ProgramData\OptimizerPro\ix_updater.exe /profilepath "C:\ProgramData\OptimizerPro\profile.ini"
C:\Windows\tasks\Security Center Update - 3425793768.job - C:\Users\admin\AppData\Roaming\Kubuadm\gefopo.exe
C:\Windows\tasks\Security Center Update - 3741571091.job - C:\Users\admin\AppData\Roaming\Kyyhuz\tityidy.exe
C:\Windows\tasks\Security Center Update - 3998176165.job - C:\Users\admin\AppData\Roaming\Ixyqqa\mupuq.exe
C:\Windows\tasks\Security Center Update - 514026233.job - C:\Users\admin\AppData\Roaming\Ykqopise\igiqep.exe
C:\Windows\tasks\Security Center Update - 591574539.job - C:\Users\admin\AppData\Roaming\Ilunir\qyyvpae.exe
C:\Windows\tasks\Security Center Update - 607701921.job - C:\Users\admin\AppData\Roaming\Momawei\enqugu.exe
C:\Windows\tasks\WxDFastUpdaterLogonTask.job - C:\ProgramData\WxDFastUpdater\ix_updater.exe /schedule /profilepath "C:\ProgramData\WxDFastUpdater\profile.ini"
C:\Windows\tasks\WxDFastUpdaterRefreshTask.job - C:\ProgramData\WxDFastUpdater\ix_updater.exe /profilepath "C:\ProgramData\WxDFastUpdater\profile.ini"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-12-05 382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-04-12 45568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-19 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{990A8747-93BF-4EF7-B72E-94A6884B98C2}]
STATISTICA Browser Helper - C:\Program Files\StatSoft\STATISTICA 12\Support\StaBHO.dll [2013-04-01 232448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-19 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}]
SmileysWeLoveToolbar - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll []
{CF0F43AB-9C23-4D7B-8040-201B82844854} - SmileysWeLove - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-08 98304]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2010-12-05 274608]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"ROC_ROC_JULY_P1"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1 []
"Family Tree Builder Update"=C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe []
"CrashReportNotifyer"=C:\Users\admin\AppData\Local\Temp\temp1268733068.exe [2015-01-13 1403392]
"TimeChecker"=C:\Program Files (x86)\Microsoft Office\Office12\launch.exe [2006-10-26 1403392]
"VideoVerifyer"=C:\Program Files (x86)\Java\jre6\bin\jucheck.exe [2010-03-11 1403392]
"FolderVerifyer"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\wisptis.exe [2015-01-04 1403392]
"NetworkChecker"=C:\Program Files (x86)\Java\jre7\bin\convert.exe [2015-01-04 1403392]
"MediaNotifyer"=C:\Windows\unpack.exe [2011-04-27 1403392]
"VideoSaver"=C:\Program Files (x86)\Java\jre6\bin\lucoms.exe [2010-03-11 1403392]
"FolderUpdater"=C:\Program Files (x86)\Java\jre7\bin\hkcr.exe [2015-01-04 1403392]
"MediaVerifyer"=C:\Windows\iexplore.exe [2011-04-27 1403392]
"ConnectionChecker"=C:\Program Files (x86)\Java\jre7\bin\jucheck.exe [2015-01-04 1403392]
"FolderChecker"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\hkcr.exe [2015-01-04 1403392]
"ConnectionSaver"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\winlogon.exe [2015-01-04 1403392]
"NetworkNotifyer"=C:\Windows\hkcr.exe [2011-04-27 1403392]
"NetworkInformer"=C:\Windows\wisptis.exe [2011-04-27 1403392]
"x86kernel2"=c:\42686079\svchost.exe [2015-01-06 78505]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"14207"=C:\PROGRA~3\LOCALS~1\Temp\msiwkmui.com [2009-07-14 151552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\admin\AppData\Roaming\QipGuard\QipGuard.exe [2010-04-12 181760]
"RegistryBooster"=C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe delay 20000 []
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"Facebook Update"=C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20 138096]
"Pokki"=C:\Users\admin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [2015-01-01 10232648]
"UpdateChecker"=C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe []
"Ipgz"=rundll32 C:\Users\admin\AppData\Roaming\da-DK4.dll,Vogd []
"ifvnmor"=rundll32 C:\Users\admin\AppData\Local\ifvnmor.dll,ifvnmor []
"Svc2dll"=C:\Users\admin\AppData\Local\svcxdcl32.exe [2014-12-27 137728]
""=C:\Users\admin\AppData\Local\gpSYIHaammVRyNy.exe []
"bimouri"=rundll32 C:\Users\admin\AppData\Local\bimouri.dll,bimouri []
"JuseZvucu"=regsvr32.exe C:\ProgramData\JuseZvucu\BaqoFcus.xqd []
"CrashReportNotifyer"=C:\Users\admin\AppData\Local\Temp\temp1268733068.exe [2015-01-13 1403392]
"x86kernel2"=c:\42686079\svchost.exe [2015-01-06 78505]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cmjahae]
C:\Windows\system32\config\systemprofile\AppData\Local\cmjahae.dll [2015-01-12 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cnjahae]
C:\Windows\system32\config\systemprofile\AppData\Local\cnjahae.dll [2015-01-11 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\laominx]
C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dll [2015-01-04 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\laymegx]
C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll [2015-01-06 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\megxlay]
C:\Windows\system32\config\systemprofile\AppData\Local\megxlay.dll [2015-01-07 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmeglay]
C:\Windows\system32\config\systemprofile\AppData\Local\xmeglay.dll [2015-01-08 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=L3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIV3"=DivXc32.dll
"vidc.DIV4"=DivXc32f.dll
"msacm.divxa32"=DivXa32.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 month======

2015-01-13 20:43:00 ----D---- C:\AdwCleaner
2015-01-13 20:09:08 ----D---- C:\Program Files (x86)\trend micro
2015-01-13 20:09:07 ----D---- C:\rsit
2015-01-13 17:43:08 ----D---- C:\ProgramData\Local Settings
2015-01-11 13:03:49 ----A---- C:\Windows\SysWOW64\ixykwuot.exe
2015-01-11 13:03:47 ----D---- C:\Users\admin\AppData\Roaming\Kubuadm
2015-01-08 14:57:41 ----A---- C:\Windows\SysWOW64\weirkay.exe
2015-01-08 14:57:40 ----D---- C:\Users\admin\AppData\Roaming\Ixyqqa
2015-01-08 09:09:00 ----D---- C:\Users\admin\AppData\Roaming\Ykqopise
2015-01-08 09:09:00 ----A---- C:\Windows\SysWOW64\fautkotybi.exe
2015-01-07 08:56:24 ----D---- C:\Users\admin\AppData\Roaming\Momawei
2015-01-07 08:56:24 ----A---- C:\Windows\SysWOW64\xireab.exe
2015-01-07 08:52:09 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-01-07 08:49:19 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-01-06 17:33:29 ----D---- C:\Users\admin\AppData\Roaming\42686079
2015-01-06 08:55:47 ----D---- C:\42686079
2015-01-06 08:21:07 ----D---- C:\Windows\SysWOW64\ຐ֭ೀ֭sers
2015-01-03 21:26:27 ----A---- C:\Users\admin\AppData\Roaming\ScanDisc.exe
2014-12-24 14:40:27 ----A---- C:\Users\admin\AppData\Roaming\svcxdcl32.exe
2014-12-23 14:44:43 ----D---- C:\Users\admin\AppData\Roaming\CrystalIdea Software
2014-12-22 23:01:51 ----A---- C:\Windows\fjEeGHhRviMexXc.exe
2014-12-19 19:00:45 ----D---- C:\Program Files (x86)\Common Files\Java
2014-12-19 18:59:57 ----D---- C:\ProgramData\Oracle
2014-12-18 20:35:59 ----D---- C:\Users\admin\AppData\Roaming\Ilunir
2014-12-18 20:34:36 ----D---- C:\ProgramData\JuseZvucu
2014-12-16 20:12:57 ----SHD---- C:\found.000
2014-12-15 20:49:20 ----D---- C:\Users\admin\AppData\Roaming\Kyyhuz
2014-12-15 20:47:56 ----D---- C:\ProgramData\vrxkwql

======List of files/folders modified in the last 1 month======

2015-01-13 21:28:55 ----D---- C:\Windows\Temp
2015-01-13 21:14:11 ----D---- C:\Windows\SysWOW64
2015-01-13 20:57:33 ----D---- C:\ProgramData\ATI
2015-01-13 20:54:36 ----D---- C:\Windows
2015-01-13 20:51:26 ----D---- C:\Windows\Tasks
2015-01-13 20:51:15 ----RD---- C:\Program Files (x86)
2015-01-13 20:50:36 ----HD---- C:\ProgramData
2015-01-13 20:50:34 ----D---- C:\ProgramData\ICQ
2015-01-13 20:04:55 ----D---- C:\Windows\inf
2015-01-13 19:59:16 ----D---- C:\Windows\SoftwareDistribution
2015-01-13 19:59:16 ----D---- C:\Windows\Minidump
2015-01-13 19:18:33 ----D---- C:\Users\admin\AppData\Roaming\BitTorrent
2015-01-13 19:18:31 ----RD---- C:\Users
2015-01-13 19:18:23 ----D---- C:\Users\admin\AppData\Roaming\Mozilla
2015-01-13 19:18:04 ----D---- C:\Users\admin\AppData\Roaming\MyHeritage
2015-01-13 19:17:56 ----D---- C:\Users\admin\AppData\Roaming\YoudaGames
2015-01-13 19:17:48 ----D---- C:\Users\admin\AppData\Roaming\Real
2015-01-13 19:17:45 ----D---- C:\Users\admin\AppData\Roaming\Adobe
2015-01-13 19:17:41 ----D---- C:\Users\admin\AppData\Roaming\Samsung
2015-01-13 19:17:40 ----D---- C:\Users\admin\AppData\Roaming\Skype
2015-01-13 19:17:36 ----D---- C:\Users\admin\AppData\Roaming\Toshiba
2015-01-13 19:17:17 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2015-01-13 19:17:16 ----D---- C:\Users\admin\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2015-01-13 19:16:50 ----D---- C:\Windows\Prefetch
2015-01-13 19:12:21 ----D---- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-13 19:12:02 ----D---- C:\PC TRANSLATOR DEMO
2015-01-13 19:11:28 ----D---- C:\Program Files (x86)\eBay
2015-01-13 17:46:45 ----D---- C:\Works
2015-01-13 17:45:57 ----SD---- C:\ProgramData\Microsoft
2015-01-13 17:45:57 ----D---- C:\ProgramData\MyHeritage
2015-01-13 17:45:56 ----D---- C:\ProgramData\TOSHIBA
2015-01-13 17:45:56 ----D---- C:\ProgramData\Skype
2015-01-13 17:45:56 ----D---- C:\ProgramData\SiteAdvisor
2015-01-13 17:45:55 ----D---- C:\Toshiba
2015-01-13 17:45:55 ----D---- C:\ProgramData\DivX
2015-01-13 17:45:41 ----RD---- C:\Program Files (x86)\Skype
2015-01-13 17:45:41 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2015-01-13 17:45:41 ----D---- C:\Program Files (x86)\Miranda IM
2015-01-13 17:45:35 ----D---- C:\Program Files (x86)\Microsoft Works
2015-01-13 17:45:20 ----D---- C:\Program Files (x86)\MediaMonkey
2015-01-13 17:45:04 ----D---- C:\Program Files (x86)\ATI Technologies
2015-01-13 17:44:43 ----D---- C:\Program Files (x86)\Toshiba TEMPRO
2015-01-13 17:44:40 ----SHD---- C:\$RECYCLE.BIN
2015-01-13 17:37:50 ----A---- C:\Windows\SysWOW64\log.txt
2015-01-12 15:03:19 ----SHD---- C:\System Volume Information
2015-01-12 13:57:31 ----A---- C:\Users\admin\AppData\Roaming\HELP_DECRYPT.TXT.wdfljvj
2015-01-07 18:39:23 ----SHD---- C:\Config.Msi
2015-01-07 08:53:37 ----SHD---- C:\Windows\Installer
2015-01-07 08:52:10 ----RD---- C:\Program Files
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Reference Assemblies
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Realtek WLAN Driver
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Realtek
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Real
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\QIP 2010
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\QIP
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Pidgin
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Photo Story 3 for Windows
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Nero
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\MSXML 4.0
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\MSBuild
2015-01-04 15:20:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Office
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft Games
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Microsoft
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\MarkAny
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Java
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Internet Explorer
2015-01-04 15:20:02 ----D---- C:\Program Files (x86)\Intel
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Google
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Electronic Arts
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\EA GAMES
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\DivX
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\xing shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Toshiba Shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\System
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\SpeechEngines
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Skype
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Services
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\postureAgent
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files\Adobe
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Common Files
2015-01-04 15:20:01 ----D---- C:\Program Files (x86)\Adobe
2014-12-19 19:00:12 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys []
R0 NBVol;Nero Backup Volume Filter Driver; C:\Windows\system32\DRIVERS\NBVol.sys []
R0 NBVolUp;Nero Backup Volume Upper Filter Driver; C:\Windows\system32\DRIVERS\NBVolUp.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys []
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
S1 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [2006-07-24 5632]
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\Windows\system32\drivers\btserial.sys [2004-11-29 23271]
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\Windows\system32\drivers\btslbcsp.sys [2004-11-29 222876]
S3 a47j14y3;a47j14y3; C:\Windows\SysWOW64\drivers\a47j14y3.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 225280]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-03-31 16392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 107912]
S2 SecurityCenterServer3425793768;Security Center Server - 3425793768; C:\Windows\SysWOW64\ixykwuot.exe [2014-02-24 507576]
S2 SecurityCenterServer3998176165;Security Center Server - 3998176165; C:\Windows\SysWOW64\weirkay.exe [2014-01-19 509100]
S2 SecurityCenterServer514026233;Security Center Server - 514026233; C:\Windows\SysWOW64\fautkotybi.exe [2011-01-16 508951]
S2 SecurityCenterServer607701921;Security Center Server - 607701921; C:\Windows\SysWOW64\xireab.exe [2014-07-31 505504]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-07-02 42360]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------
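The RSIT log above is read by hand for the same handful of indicators every time: a Winlogon\Notify DLL loaded from the SYSTEM profile's AppData instead of system32, UAC switched off under Policies\System, services whose binary is a randomly named .exe sitting directly in SysWOW64, executables dropped straight into %APPDATA%, and a ransom-note style filename. The Python below is an added example, not code from the thread, from RSIT or from ComboFix: it parses those RSIT line formats and returns the findings as a list. The directory lists, the "lowercase letters only" name pattern and the severity labels are the author's assumptions, and SAMPLE_LOG is a constructed excerpt modelled on lines from the log above.

```python
"""RSIT log triage. Added example, not part of the thread, of RSIT or of ComboFix; heuristics are assumptions."""
import ntpath
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the RSIT log above, not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmeglay]
C:\Windows\system32\config\systemprofile\AppData\Local\xmeglay.dll [2015-01-08 51200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"shutdownwithoutlogon"=1

======List of files/folders created in the last 1 month======

2015-01-11 13:03:49 ----A---- C:\Windows\SysWOW64\ixykwuot.exe
2015-01-03 21:26:27 ----A---- C:\Users\admin\AppData\Roaming\ScanDisc.exe
2015-01-12 13:57:31 ----A---- C:\Users\admin\AppData\Roaming\HELP_DECRYPT.TXT.wdfljvj

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
S2 SecurityCenterServer3425793768;Security Center Server - 3425793768; C:\Windows\SysWOW64\ixykwuot.exe [2014-02-24 507576]
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    rule: str
    detail: str


# Windows root directories where a fresh, randomly named .exe is a drop location (assumption).
DROP_DIRS = {r"c:\windows", r"c:\windows\syswow64"}
# Policies\System values that, at 0, switch off UAC or its consent prompts.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d -{4}[A-Z]*-{4} (?P<path>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*; (?P<path>.+?) \[[^\]]*\]$")
RANDOM_EXE_RE = re.compile(r"^[a-z]{5,12}\.exe$")  # e.g. ixykwuot.exe (assumption)


def _dir(path: str) -> str:
    # Lower-cased parent directory; ntpath parses Windows paths on any host OS.
    return ntpath.dirname(path).lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""
    lines = [line.strip() for line in log_text.splitlines()]
    for i, line in enumerate(lines):
        if not line:
            continue
        if line.startswith("======"):  # new RSIT section: registry context ends
            current_key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            # Winlogon\Notify: the next line is the DLL winlogon loads at logon. Real notify
            # packages sit directly in system32; one under the SYSTEM profile's AppData is persistence.
            if "\\winlogon\\notify\\" in current_key.lower() and i + 1 < len(lines):
                dll = lines[i + 1].rsplit(" [", 1)[0]
                if dll and _dir(dll) != r"c:\windows\system32":
                    name = current_key.rsplit("\\", 1)[-1]
                    findings.append(Finding("high", "winlogon-notify", f"{name} -> {dll}"))
            continue
        m = VALUE_RE.match(line)
        if m:
            if (current_key.lower().endswith("\\policies\\system")
                    and m.group("name") in UAC_VALUES and m.group("value").strip() == "0"):
                findings.append(Finding("medium", "uac-disabled", m.group("name") + "=0"))
            continue
        m = SERVICE_RE.match(line)
        if m:  # random-named service binary in a Windows root, outside any vendor directory
            path = m.group("path")
            if _dir(path) in DROP_DIRS and RANDOM_EXE_RE.match(ntpath.basename(path).lower()):
                findings.append(Finding("high", "random-service", m.group("name") + " -> " + path))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            base = ntpath.basename(path).lower()
            if base.startswith("help_decrypt"):  # ransom-note style filename
                findings.append(Finding("high", "ransom-note", path))
            elif base.endswith(".exe") and (_dir(path) in DROP_DIRS
                                            or _dir(path).endswith("\\appdata\\roaming")):
                findings.append(Finding("high", "dropped-exe", path))  # .exe dropped in %APPDATA% or a Windows root
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.detail}")
```

Run it as a script to print the findings for the excerpt, or pass the full log text to triage() to get the list an analyst would otherwise compile by hand. It is a triage aid, not a verdict: a legitimate installer can also create an .exe directly under C:\Windows, so every hit still needs a human look, and the rules deliberately ignore things that are normal on Windows 7 (the .js handler being WScript.exe, the Drivers32 codec entries) so the output stays short.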

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#6 Post by Martina.Br. »

now this has appeared on my desktop: your personal files are encrypted by ctb-locker

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Bad Image - SOS !!!

#7 Post by Rudy »

Martina.Br. wrote: now this has appeared on my desktop: your personal files are encrypted by ctb-locker
That is a pretty serious problem; your PC has most likely been hit by ransomware. Your files have been encrypted and decrypting them will probably be difficult. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms appears; continue by clicking Yes.

go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware product with a resident shield, switch its resident shield into Install Mode or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the resident antispyware in unwanted ways.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#8 Post by Martina.Br. »

I would like to turn off those resident shields, but when I try to open ESET Smart Security a window appears: this program is blocked by group policy. For more information, contact your system administrator...

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Bad Image - SOS !!!

#9 Post by Rudy »

Try running it without turning them off.

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#10 Post by Martina.Br. »

after running ComboFix and restarting, a window: there was a problem starting C:/Users/admin/AppData/Local/ifvnmor.dll. The specified module could not be found. I should probably just click OK, right..

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#11 Post by Martina.Br. »

ComboFix log:

ComboFix 15-01-08.01 - admin 13.01.2015 22:43:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3958.2358 [GMT 1:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\42686079\svchost.exe
c:\program files (x86)\Java\jre1.8.0_25\bin\hkcr.exe
c:\program files (x86)\Java\jre1.8.0_25\bin\winlogon.exe
c:\program files (x86)\Java\jre1.8.0_25\bin\wisptis.exe
c:\program files (x86)\Java\jre6\bin\jucheck.exe
c:\program files (x86)\Java\jre6\bin\lucoms.exe
c:\program files (x86)\Java\jre7\bin\convert.exe
c:\program files (x86)\Java\jre7\bin\hkcr.exe
c:\program files (x86)\Java\jre7\bin\jucheck.exe
c:\program files (x86)\Microsoft Office\Office12\launch.exe
c:\programdata\Local Settings\Temp
c:\programdata\Local Settings\Temp\msiwkmui.com
c:\users\admin\AppData\Local\bimouri.dll
c:\users\admin\AppData\Local\ifvnmor.dll
c:\users\admin\AppData\Local\svcxdcl32.exe
c:\users\admin\AppData\Roaming\42686079
c:\users\admin\AppData\Roaming\42686079\svchost.exe
c:\users\admin\AppData\Roaming\4B55835D.reg
c:\users\admin\AppData\Roaming\da-DK4.dll
c:\users\admin\AppData\Roaming\Ixyqqa
c:\users\admin\AppData\Roaming\Ixyqqa\mupuq.exe
c:\users\admin\AppData\Roaming\Kubuadm\gefopo.exe
c:\users\admin\AppData\Roaming\Momawei\enqugu.exe
c:\users\admin\AppData\Roaming\ScanDisc.exe
c:\users\admin\AppData\Roaming\svcxdcl32.exe
c:\windows\hkcr.exe
c:\windows\iexplore.exe
c:\windows\msdownld.tmp
c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll
c:\windows\system32\config\systemprofile\AppData\Local\laymegx.dll
c:\windows\SysWow64\SET7AC1.tmp
c:\windows\Tasks\Security Center Update - 3425793768.job
c:\windows\Tasks\Security Center Update - 3741571091.job
c:\windows\Tasks\Security Center Update - 3998176165.job
c:\windows\Tasks\Security Center Update - 514026233.job
c:\windows\Tasks\Security Center Update - 591574539.job
c:\windows\Tasks\Security Center Update - 607701921.job
c:\windows\unpack.exe
c:\windows\wisptis.exe
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SecurityCenterServer3425793768
-------\Service_SecurityCenterServer3998176165
-------\Service_SecurityCenterServer514026233
-------\Service_SecurityCenterServer607701921
.
.
((((((((((((((((((((((((( Files Created from 2014-12-13 to 2015-01-13 )))))))))))))))))))))))))))))))
.
.
2015-01-13 19:43 . 2015-01-13 19:59 -------- d-----w- C:\AdwCleaner
2015-01-13 19:09 . 2015-01-13 19:09 -------- d-----w- c:\program files (x86)\trend micro
2015-01-13 19:09 . 2015-01-13 20:29 -------- d-----w- C:\rsit
2015-01-13 18:06 . 2015-01-13 18:06 -------- d-----w- c:\users\admin\AppData\Local\RKB
2015-01-13 16:43 . 2015-01-13 21:50 -------- d-----w- c:\programdata\Local Settings
2015-01-11 12:03 . 2014-02-24 00:04 507576 ----a-w- c:\windows\SysWow64\ixykwuot.exe
2015-01-11 12:03 . 2015-01-13 21:53 -------- d-----w- c:\users\admin\AppData\Roaming\Kubuadm
2015-01-08 13:57 . 2014-01-19 10:43 509100 ----a-w- c:\windows\SysWow64\weirkay.exe
2015-01-08 08:09 . 2015-01-08 08:09 -------- d-----w- c:\users\admin\AppData\Roaming\Ykqopise
2015-01-08 08:09 . 2011-01-16 18:54 508951 ----a-w- c:\windows\SysWow64\fautkotybi.exe
2015-01-07 07:56 . 2015-01-13 21:53 -------- d-----w- c:\users\admin\AppData\Roaming\Momawei
2015-01-07 07:56 . 2014-07-31 08:59 505504 ----a-w- c:\windows\SysWow64\xireab.exe
2015-01-07 07:52 . 2015-01-07 07:52 -------- d-----w- c:\program files\Microsoft Silverlight
2015-01-07 07:52 . 2015-01-07 07:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-01-07 07:49 . 2015-01-07 07:49 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2015-01-06 07:55 . 2015-01-13 21:50 -------- d-----w- C:\42686079
2015-01-06 07:21 . 2015-01-06 07:21 -------- d-----w-ers c:\windows\SysWow64\SERS~1
2014-12-23 13:44 . 2014-12-23 13:44 -------- d-----w- c:\users\admin\AppData\Roaming\CrystalIdea Software
2014-12-22 22:01 . 2014-12-22 22:01 499712 ----a-w- c:\windows\fjEeGHhRviMexXc.exe
2014-12-19 18:00 . 2015-01-04 14:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-12-19 17:59 . 2014-12-19 18:01 -------- d-----w- c:\programdata\Oracle
2014-12-18 19:35 . 2014-12-21 18:42 -------- d-----w- c:\users\admin\AppData\Roaming\Ilunir
2014-12-18 19:34 . 2014-12-18 19:34 -------- d-----w- c:\programdata\JuseZvucu
2014-12-16 19:12 . 2014-12-16 19:12 -------- d-----w- C:\found.000
2014-12-15 19:49 . 2014-12-22 11:08 -------- d-----w- c:\users\admin\AppData\Roaming\Kyyhuz
2014-12-15 19:47 . 2015-01-08 08:07 -------- d-----w- c:\programdata\vrxkwql
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-19 18:00 . 2013-06-05 11:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
2010-04-12 16:28 45568 ----a-w- c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\admin\AppData\Roaming\QipGuard\QipGuard.exe" [2010-04-12 181760]
"JuseZvucu"="c:\programdata\JuseZvucu\BaqoFcus.xqd" [2014-12-18 262144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2010-12-05 274608]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"JuseZvucu"="c:\programdata\JuseZvucu\BaqoFcus.xqd" [2014-12-18 262144]
"laominx"="c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll" [2015-01-04 51200]
"laymegx"="c:\windows\system32\config\systemprofile\AppData\Local\laymegx.dll" [2015-01-06 51200]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmjahae]
2015-01-12 12:47 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\cmjahae.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cnjahae]
2015-01-11 12:02 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\cnjahae.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\laominx]
2015-01-04 22:36 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\laominx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\laymegx]
2015-01-06 07:54 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\laymegx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\megxlay]
2015-01-07 07:55 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\megxlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xmeglay]
2015-01-08 13:56 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\xmeglay.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-09 18:05 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 19:57]
.
2015-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 19:57]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 07:53]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 07:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{21D58735-AE15-4842-9829-CBBD2157E4C6}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{21D58735-AE15-4842-9829-CBBD2157E4C6}\351435B414E45445: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{4A58A413-B75C-4A66-9274-C26982A7D85A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{62B8830F-0C16-460D-9FBF-AC757AC06575}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
BHO-{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} - c:\program files (x86)\Smileys We Love Toolbar for IE\adxloader.dll
BHO-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
Toolbar-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
Toolbar-{CF0F43AB-9C23-4D7B-8040-201B82844854} - c:\program files (x86)\Smileys We Love Toolbar for IE\adxloader.dll
Wow6432Node-HKCU-Run-RegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Pokki - %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe
Wow6432Node-HKCU-Run-UpdateChecker - c:\program files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe
Wow6432Node-HKCU-Run-Ipgz - c:\users\admin\AppData\Roaming\da-DK4.dll
Wow6432Node-HKCU-Run-ifvnmor - c:\users\admin\AppData\Local\ifvnmor.dll
Wow6432Node-HKCU-Run-Svc2dll - c:\users\admin\AppData\Local\svcxdcl32.exe
Wow6432Node-HKCU-Run-bimouri - c:\users\admin\AppData\Local\bimouri.dll
Wow6432Node-HKCU-Run-x86kernel2 - c:\42686079\svchost.exe
Wow6432Node-HKCU-Run-Kufaaf - c:\users\admin\AppData\Roaming\Kubuadm\gefopo.exe
Wow6432Node-HKCU-Run-Yhesemgy - c:\users\admin\AppData\Roaming\Ixyqqa\mupuq.exe
Wow6432Node-HKCU-Run-Kihaxyletuitwi - c:\users\admin\AppData\Roaming\Momawei\enqugu.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Wow6432Node-HKLM-Run-Family Tree Builder Update - c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
Wow6432Node-HKLM-Run-ApnTBMon - c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Wow6432Node-HKLM-Run-CrashReportNotifyer - c:\users\admin\AppData\Local\Temp\temp1268733068.exe
Wow6432Node-HKLM-Run-TimeChecker - c:\program files (x86)\Microsoft Office\Office12\launch.exe
Wow6432Node-HKLM-Run-VideoVerifyer - c:\program files (x86)\Java\jre6\bin\jucheck.exe
Wow6432Node-HKLM-Run-FolderVerifyer - c:\program files (x86)\Java\jre1.8.0_25\bin\wisptis.exe
Wow6432Node-HKLM-Run-NetworkChecker - c:\program files (x86)\Java\jre7\bin\convert.exe
Wow6432Node-HKLM-Run-MediaNotifyer - c:\windows\unpack.exe
Wow6432Node-HKLM-Run-VideoSaver - c:\program files (x86)\Java\jre6\bin\lucoms.exe
Wow6432Node-HKLM-Run-FolderUpdater - c:\program files (x86)\Java\jre7\bin\hkcr.exe
Wow6432Node-HKLM-Run-MediaVerifyer - c:\windows\iexplore.exe
Wow6432Node-HKLM-Run-ConnectionChecker - c:\program files (x86)\Java\jre7\bin\jucheck.exe
Wow6432Node-HKLM-Run-FolderChecker - c:\program files (x86)\Java\jre1.8.0_25\bin\hkcr.exe
Wow6432Node-HKLM-Run-ConnectionSaver - c:\program files (x86)\Java\jre1.8.0_25\bin\winlogon.exe
Wow6432Node-HKLM-Run-NetworkNotifyer - c:\windows\hkcr.exe
Wow6432Node-HKLM-Run-NetworkInformer - c:\windows\wisptis.exe
Wow6432Node-HKLM-Run-x86kernel2 - c:\42686079\svchost.exe
Wow6432Node-HKLM-Run-Kufaaf - c:\users\admin\AppData\Roaming\Kubuadm\gefopo.exe
Wow6432Node-HKLM-Run-Kihaxyletuitwi - c:\users\admin\AppData\Roaming\Momawei\enqugu.exe
Wow6432Node-HKLM-Run-Yhesemgy - c:\users\admin\AppData\Roaming\Ixyqqa\mupuq.exe
Wow6432Node-HKU-Default-Run-x86kernel2 - c:\42686079\svchost.exe
Wow6432Node-HKLM-Explorer_Run-14207 - c:\progra~3\LOCALS~1\Temp\msiwkmui.com
BHO-{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} - c:\program files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TNOD UP - c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
HKLM-Run-Kufaaf - c:\users\admin\AppData\Roaming\Kubuadm\gefopo.exe
HKLM-Run-Kihaxyletuitwi - c:\users\admin\AppData\Roaming\Momawei\enqugu.exe
HKLM-Run-Yhesemgy - c:\users\admin\AppData\Roaming\Ixyqqa\mupuq.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
AddRemove-DVDVideoSoft Toolbar - c:\progra~2\DVDVID~1\UNWISE.EXE
AddRemove-Family Tree Builder - c:\program files (x86)\MyHeritage\Bin\Uninstall.exe
AddRemove-OptimizerProUpdater - c:\programdata\OptimizerPro\ix_updater.exe
AddRemove-PC Translator 2007 DEMO - c:\users\admin\AppData\Local\Temp\UN32.EXE
AddRemove-SqueakyChocolate, LLC UpdateChecker - c:\program files (x86)\SqueakyChocolate\UpdateChecker\uninstall.exe
AddRemove-Vienna Miranda Pack 1.1.0 - c:\program files (x86)\Miranda IM\Uninstall.exe
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files (x86)\Uniblue\RegistryBooster\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\users\admin\AppData\Roaming\Ykqopise\igiqep.exe
c:\users\admin\AppData\Roaming\Ykqopise\igiqep.exe
.
**************************************************************************
.
Celkový čas: 2015-01-13 23:00:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-13 22:00
.
Před spuštěním: Volných bajtů: 78 898 049 024
Po spuštění: Volných bajtů: 78 535 024 640
.
- - End Of File - - E096AE452066226850A305886AA6266C

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Residence: Šalingrad - Brno

Re: Bad Image - SOS !!!

#12 Post by vyosek »

Hello :)

:arrow: A colleague is having some problems with his internet connection, so I'm filling in :oops:

:arrow: If you haven't already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Collect::
    c:\windows\SysWow64\ixykwuot.exe
    c:\windows\SysWow64\weirkay.exe
    c:\windows\SysWow64\fautkotybi.exe
    c:\windows\SysWow64\xireab.exe
    c:\windows\fjEeGHhRviMexXc.exe
    c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll
    c:\windows\System32\config\systemprofile\AppData\Local\xmeglay.dll
    c:\windows\System32\config\systemprofile\AppData\Local\megxlay.dll
    c:\windows\System32\config\systemprofile\AppData\Local\laymegx.dll
    c:\windows\System32\config\systemprofile\AppData\Local\laominx.dll
    c:\windows\System32\config\systemprofile\AppData\Local\cnjahae.dll
    c:\windows\System32\config\systemprofile\AppData\Local\cmjahae.dll
    
    Folder::
    c:\users\admin\AppData\Roaming\Kubuadm
    c:\users\admin\AppData\Roaming\Ykqopise
    c:\users\admin\AppData\Roaming\Momawei
    c:\users\admin\AppData\Roaming\Ilunir
    c:\programdata\JuseZvucu
    c:\users\admin\AppData\Roaming\Kyyhuz
    c:\programdata\vrxkwql
    c:\users\admin\AppData\Roaming\QipGuard
    
    File::
    c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
    c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QIP Internet Guardian"=-
    "JuseZvucu"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "DivXUpdate"=-
    "TkBellExe"=-
    "GrooveMonitor"=-
    "SunJavaUpdateSched"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"=-
    "JuseZvucu"=-
    "laominx"=-
    "laymegx"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmjahae]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cnjahae]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\laominx]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\laymegx]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\megxlay]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xmeglay]
    
    Driver::
    SkypeUpdate
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out. It is an internal error caused by CF, which the author unfortunately has not been able to fix yet.

:arrow: It may happen that Windows does not boot after the script has been applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#13 Post by Martina.Br. »

Window: submitting samples for further analysis

ComboFix needs to submit malware samples for further analysis. Please make sure you are connected to the internet before clicking OK.

But I'm not connected to the internet... all of a sudden I can't connect

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#14 Post by Martina.Br. »

ComboFix 15-01-08.01 - admin 13.01.2015 23:41:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3958.2485 [GMT 1:00]
Spuštěný z: c:\users\admin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\admin\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll"
"c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
"c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\JuseZvucu
c:\programdata\JuseZvucu\BaqoFcus.xqd
c:\programdata\vrxkwql
c:\programdata\vrxkwql\how_decrypt.gif
c:\programdata\vrxkwql\how_decrypt.html
c:\programdata\vrxkwql\skkmj.gui
c:\programdata\vrxkwql\utxkn.cmp
c:\programdata\vrxkwql\xyfqtfj.kkd
c:\users\admin\AppData\Roaming\Ilunir
c:\users\admin\AppData\Roaming\Kubuadm
c:\users\admin\AppData\Roaming\Kyyhuz
c:\users\admin\AppData\Roaming\Momawei
c:\users\admin\AppData\Roaming\QipGuard
c:\users\admin\AppData\Roaming\QipGuard\chrome.dll
c:\users\admin\AppData\Roaming\QipGuard\QipGuard.exe
c:\users\admin\AppData\Roaming\QipGuard\sqlite3.dll
c:\users\admin\AppData\Roaming\Ykqopise
c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll
c:\windows\system32\config\systemprofile\AppData\Local\laymegx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-13 do 2015-01-13 )))))))))))))))))))))))))))))))
.
.
2015-01-13 22:47 . 2015-01-13 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-13 22:47 . 2015-01-13 22:49 -------- d-----w- c:\programdata\JuseZvucu
2015-01-13 19:43 . 2015-01-13 19:59 -------- d-----w- C:\AdwCleaner
2015-01-13 19:09 . 2015-01-13 19:09 -------- d-----w- c:\program files (x86)\trend micro
2015-01-13 19:09 . 2015-01-13 20:29 -------- d-----w- C:\rsit
2015-01-13 18:06 . 2015-01-13 18:06 -------- d-----w- c:\users\admin\AppData\Local\RKB
2015-01-13 16:43 . 2015-01-13 21:50 -------- d-----w- c:\programdata\Local Settings
2015-01-11 12:03 . 2014-02-24 00:04 507576 ------w- c:\windows\SysWow64\ixykwuot.exe
2015-01-08 13:57 . 2014-01-19 10:43 509100 ------w- c:\windows\SysWow64\weirkay.exe
2015-01-08 08:09 . 2011-01-16 18:54 508951 ------w- c:\windows\SysWow64\fautkotybi.exe
2015-01-07 07:56 . 2014-07-31 08:59 505504 ------w- c:\windows\SysWow64\xireab.exe
2015-01-07 07:52 . 2015-01-07 07:52 -------- d-----w- c:\program files\Microsoft Silverlight
2015-01-07 07:52 . 2015-01-07 07:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-01-07 07:49 . 2015-01-07 07:49 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2015-01-06 07:55 . 2015-01-13 21:50 -------- d-----w- C:\42686079
2015-01-06 07:21 . 2015-01-06 07:21 -------- d-----w-ers c:\windows\SysWow64\SERS~1
2014-12-23 13:44 . 2014-12-23 13:44 -------- d-----w- c:\users\admin\AppData\Roaming\CrystalIdea Software
2014-12-22 22:01 . 2014-12-22 22:01 499712 ------w- c:\windows\fjEeGHhRviMexXc.exe
2014-12-19 18:00 . 2015-01-04 14:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-12-19 17:59 . 2014-12-19 18:01 -------- d-----w- c:\programdata\Oracle
2014-12-16 19:12 . 2014-12-16 19:12 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-19 18:00 . 2013-06-05 11:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
2010-04-12 16:28 45568 ----a-w- c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}]
c:\program files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
c:\program files (x86)\DVDVideoSoft\tbDVDV.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [BU]
"{CF0F43AB-9C23-4D7B-8040-201B82844854}"= "c:\program files (x86)\Smileys We Love Toolbar for IE\adxloader.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{cf0f43ab-9c23-4d7b-8040-201b82844854}]
[HKEY_CLASSES_ROOT\SmileysWeLoveToolbar.SWLIEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"laominx"="c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll" [2015-01-04 51200]
"laymegx"="c:\windows\system32\config\systemprofile\AppData\Local\laymegx.dll" [2015-01-06 51200]
"x86kernel2"="c:\42686079\svchost.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"14207"="c:\progra~3\LOCALS~1\Temp\msiwkmui.com" [BU]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmjahae]
2015-01-12 12:47 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\cmjahae.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cnjahae]
2015-01-11 12:02 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\cnjahae.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\laominx]
2015-01-04 22:36 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\laominx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\laymegx]
2015-01-06 07:54 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\laymegx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\megxlay]
2015-01-07 07:55 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\megxlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xmeglay]
2015-01-08 13:56 51200 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\xmeglay.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-09 18:05 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 19:57]
.
2015-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 19:57]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 07:53]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 07:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Kufaaf"="c:\users\admin\AppData\Roaming\Kubuadm\gefopo.exe" [BU]
"Kihaxyletuitwi"="c:\users\admin\AppData\Roaming\Momawei\enqugu.exe" [BU]
"Yhesemgy"="c:\users\admin\AppData\Roaming\Ixyqqa\mupuq.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{21D58735-AE15-4842-9829-CBBD2157E4C6}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{21D58735-AE15-4842-9829-CBBD2157E4C6}\351435B414E45445: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{4A58A413-B75C-4A66-9274-C26982A7D85A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{62B8830F-0C16-460D-9FBF-AC757AC06575}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-Ahenytofat - c:\users\admin\AppData\Roaming\Ykqopise\igiqep.exe
Wow6432Node-HKU-Default-Run-JuseZvucu - c:\programdata\JuseZvucu\BaqoFcus.xqd
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
AddRemove-DVDVideoSoft Toolbar - c:\progra~2\DVDVID~1\UNWISE.EXE
AddRemove-Family Tree Builder - c:\program files (x86)\MyHeritage\Bin\Uninstall.exe
AddRemove-OptimizerProUpdater - c:\programdata\OptimizerPro\ix_updater.exe
AddRemove-PC Translator 2007 DEMO - c:\users\admin\AppData\Local\Temp\UN32.EXE
AddRemove-SqueakyChocolate, LLC UpdateChecker - c:\program files (x86)\SqueakyChocolate\UpdateChecker\uninstall.exe
AddRemove-Vienna Miranda Pack 1.1.0 - c:\program files (x86)\Miranda IM\Uninstall.exe
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files (x86)\Uniblue\RegistryBooster\unins000.exe
AddRemove-QipGuard - c:\users\admin\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2015-01-13 23:56:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-13 22:56
ComboFix2.txt 2015-01-13 22:00
.
Před spuštěním: Volných bajtů: 78 608 449 536
Po spuštění: Volných bajtů: 78 194 323 456
.
- - End Of File - - F7B404D485DEF17B067E549A0271FBEC

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bad Image - SOS !!!

#15 Post by vyosek »

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking on mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts scanning the PC
  • After the scan finishes (about 5 minutes), check that all detections (if there are any, of course) have a tick
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection found
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself too) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me
"He who has wine and drinks it not, who has grapes and eats them not, who has a wife and kisses her not, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
