Firewall turned off

denystar
Visitor
Posts: 4
Registered: 25 Jul 2016 13:30

Firewall turned off

#1 Post by denystar »

Hello, I had a problem where the Firewall could not be turned on, and it could not be updated either. Here on the forum I found a thread with the same problem, where the problem went away after using the ComboFix program, so I did the same. It solved the problem; the Firewall is working. I want to ask: according to the log, is there still some problem at the moment? I don't understand it, so I'm attaching it. Thanks in advance for the help.

ComboFix 16-07-25.01 - Admin 25.07.2016 14:05:19.1.2 - x64
Microsoft Windows 7 Professional
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.318.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.318.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Admin\AppData\Roaming\BCWorker.exe
c:\users\Admin\Desktop\Adware Removal Tool by TSA.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\cttele32.dll.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-06-25 do 2016-07-25 )))))))))))))))))))))))))))))))
.
.
2016-07-25 10:39 . 2016-07-25 10:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3453CFB9-B1F1-4949-8744-D15FF6A5A768}\offreg.2936.dll
2016-07-24 17:00 . 2016-07-24 17:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-07-23 16:52 . 2016-07-24 11:17 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-23 16:51 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-07-23 16:51 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-07-23 16:51 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-07-23 16:51 . 2016-07-23 16:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-07-23 16:51 . 2016-07-23 16:51 -------- d-----w- c:\programdata\Malwarebytes
2016-07-23 16:45 . 2016-07-23 16:45 -------- d-----w- c:\program files (x86)\Trend Micro
2016-07-23 15:30 . 2016-07-23 15:30 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-18 16:12 . 2016-07-18 17:05 -------- d-----w- c:\users\Admin\AppData\Local\Google
2016-07-18 16:10 . 2016-07-18 16:11 -------- d-----w- c:\program files (x86)\Google
2016-07-12 10:07 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3453CFB9-B1F1-4949-8744-D15FF6A5A768}\mpengine.dll
2016-07-08 17:25 . 2016-07-08 17:25 -------- d-----w- c:\program files (x86)\Common Files\lightning group shared files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-25 10:06 . 2016-04-17 22:41 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-07-14 19:53 . 2012-03-29 16:33 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 19:53 . 2011-10-03 17:41 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-21 10:13 . 2011-10-03 14:49 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-06-15 22:52 . 2011-10-03 16:20 142482544 ----a-w- c:\windows\system32\MRT.exe
2016-06-06 16:58 . 2016-06-15 20:07 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-06 16:50 . 2016-06-15 20:07 1204224 ----a-w- c:\windows\system32\aeinv.dll
2016-06-03 13:05 . 2016-06-15 20:07 1413120 ----a-w- c:\windows\system32\appraiser.dll
2016-05-27 13:06 . 2016-06-15 20:07 569856 ----a-w- c:\windows\system32\generaltel.dll
2016-05-27 13:06 . 2016-06-15 20:07 544256 ----a-w- c:\windows\system32\devinv.dll
2016-05-27 13:06 . 2016-06-15 20:07 276480 ----a-w- c:\windows\system32\invagent.dll
2016-05-27 13:06 . 2016-06-15 20:07 265216 ----a-w- c:\windows\system32\centel.dll
2016-05-23 23:37 . 2016-06-15 20:06 394960 ----a-w- c:\windows\system32\iedkcs32.dll
2016-05-22 13:06 . 2016-06-15 20:07 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-05-21 17:28 . 2016-06-15 20:06 25802752 ----a-w- c:\windows\system32\mshtml.dll
2016-05-20 22:27 . 2016-06-15 20:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-05-20 22:27 . 2016-06-15 20:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-05-20 22:14 . 2016-06-15 20:06 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-05-20 22:10 . 2016-06-15 20:06 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-05-20 22:09 . 2016-06-15 20:07 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-05-20 22:09 . 2016-06-15 20:06 417792 ----a-w- c:\windows\system32\html.iec
2016-05-20 22:09 . 2016-06-15 20:06 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-05-20 22:08 . 2016-06-15 20:06 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-05-20 22:08 . 2016-06-15 20:06 2895360 ----a-w- c:\windows\system32\iertutil.dll
2016-05-20 22:02 . 2016-06-15 20:06 6051328 ----a-w- c:\windows\system32\jscript9.dll
2016-05-20 22:00 . 2016-06-15 20:06 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-05-20 21:59 . 2016-06-15 20:07 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-05-20 21:57 . 2016-06-15 20:06 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-05-20 21:57 . 2016-06-15 20:07 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-05-20 21:57 . 2016-06-15 20:07 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-05-20 21:56 . 2016-06-15 20:06 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-05-20 21:56 . 2016-06-15 20:06 615936 ----a-w- c:\windows\system32\ieui.dll
2016-05-20 21:55 . 2016-06-15 20:07 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-05-20 21:54 . 2016-06-15 20:07 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-05-20 21:54 . 2016-06-15 20:06 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-05-20 21:54 . 2016-06-15 20:06 817664 ----a-w- c:\windows\system32\jscript.dll
2016-05-20 21:54 . 2016-06-15 20:06 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-05-20 21:45 . 2016-06-15 20:06 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-05-20 21:44 . 2016-06-15 20:06 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-05-20 21:43 . 2016-06-15 20:06 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-05-20 21:41 . 2016-06-15 20:06 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-05-20 21:33 . 2016-06-15 20:07 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-05-20 21:32 . 2016-06-15 20:07 107520 ----a-w- c:\windows\system32\inseng.dll
2016-05-20 21:28 . 2016-06-15 20:06 199680 ----a-w- c:\windows\system32\msrating.dll
2016-05-20 21:27 . 2016-06-15 20:07 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-05-20 21:27 . 2016-06-15 20:06 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-05-20 21:25 . 2016-06-15 20:06 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-05-20 21:22 . 2016-06-15 20:06 152064 ----a-w- c:\windows\system32\occache.dll
2016-05-20 21:14 . 2016-06-15 20:06 4610048 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-05-20 21:11 . 2016-06-15 20:06 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-05-20 21:11 . 2016-06-15 20:06 15420928 ----a-w- c:\windows\system32\ieframe.dll
2016-05-20 21:09 . 2016-06-15 20:07 725504 ----a-w- c:\windows\system32\ie4uinit.exe
2016-05-20 21:08 . 2016-06-15 20:06 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-05-20 21:08 . 2016-06-15 20:06 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-05-20 21:07 . 2016-06-15 20:06 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-05-20 21:07 . 2016-06-15 20:06 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-05-20 21:06 . 2016-06-15 20:06 2131968 ----a-w- c:\windows\system32\inetcpl.cpl
2016-05-20 20:46 . 2016-06-15 20:06 2597888 ----a-w- c:\windows\system32\wininet.dll
2016-05-20 20:42 . 2016-06-15 20:06 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-05-20 20:34 . 2016-06-15 20:06 1544192 ----a-w- c:\windows\system32\urlmon.dll
2016-05-20 20:23 . 2016-06-15 20:06 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-05-18 16:10 . 2016-06-15 20:07 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-05-18 16:09 . 2016-06-15 20:07 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-05-13 22:15 . 2016-06-15 20:07 382184 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 22:09 . 2016-06-15 20:07 41472 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 22:09 . 2016-06-15 20:07 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 22:09 . 2016-06-15 20:07 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 22:09 . 2016-06-15 20:07 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-05-13 21:54 . 2016-06-15 20:07 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-05-13 21:50 . 2016-06-15 20:07 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-05-13 21:49 . 2016-06-15 20:07 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-05-13 21:49 . 2016-06-15 20:07 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-05-13 21:27 . 2016-06-15 20:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-05-12 17:20 . 2016-06-15 20:07 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 17:20 . 2016-06-15 20:07 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 17:15 . 2016-06-15 20:07 105472 ----a-w- c:\windows\system32\winipsec.dll
2016-05-12 17:15 . 2016-06-15 20:07 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-12 17:15 . 2016-06-15 20:07 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-05-12 17:15 . 2016-06-15 20:07 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-05-12 17:15 . 2016-06-15 20:07 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-05-12 17:15 . 2016-06-15 20:07 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 17:14 . 2016-06-15 20:07 344064 ----a-w- c:\windows\system32\schannel.dll
2016-05-12 17:14 . 2016-06-15 20:07 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-05-12 17:14 . 2016-06-15 20:07 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-05-12 17:14 . 2016-06-15 20:07 28160 ----a-w- c:\windows\system32\secur32.dll
2016-05-12 17:14 . 2016-06-15 20:07 373760 ----a-w- c:\windows\system32\polstore.dll
2016-05-12 17:14 . 2016-06-15 20:07 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-05-12 17:14 . 2016-06-15 20:07 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-05-12 17:14 . 2016-06-15 20:07 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-05-12 17:14 . 2016-06-15 20:07 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-05-12 17:14 . 2016-06-15 20:07 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-05-12 17:14 . 2016-06-15 20:07 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-05-12 17:14 . 2016-06-15 20:07 502272 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-05-12 17:14 . 2016-06-15 20:07 794624 ----a-w- c:\windows\system32\gpsvc.dll
2016-05-12 17:14 . 2016-06-15 20:07 793088 ----a-w- c:\windows\system32\gpprefcl.dll
2016-05-12 17:14 . 2016-06-15 20:07 96256 ----a-w- c:\windows\system32\gpapi.dll
2016-05-12 17:14 . 2016-06-15 20:07 75776 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2016-05-12 17:14 . 2016-06-15 20:07 32768 ----a-w- c:\windows\system32\gpscript.dll
2016-05-12 17:14 . 2016-06-15 20:07 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 17:14 . 2016-06-15 20:07 22016 ----a-w- c:\windows\system32\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Steam"="c:\games\Steam CS\steam.exe" [2016-02-04 3014224]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE" [2015-12-11 563416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ACDService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCBNT.SYS]
@=""
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:53]
.
2016-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18 16:09]
.
2016-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-08 8146944]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-03-19 176952]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 10.27.87.193
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oem874o2.default-1469362576525\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-AsioReg - CTASIO.DLL
AddRemove-BandiMPEG1 - c:\program files (x86)\BandiMPEG1\uninstall.exe
.
.
"ImagePath"="c:\documents\DOKUMENTY DENY\
[PROGRAMS]\[WRITING PROGRAMS]\EASY FILE PROTECTOR\EFPA.exe"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACDService]
"ImagePath"="c:\documents\DOKUMENTY DENY\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3772700114-1450314536-3065715830-1001\Software\SecuROM\License information*]
"datasecu"=hex:91,9c,67,79,6f,11,9a,9a,ef,51,d0,2e,dd,53,37,d5,0b,01,ad,45,b0,
df,75,de,ec,0b,9d,78,cf,47,b5,cf,79,98,22,bd,8b,d3,22,a0,de,11,09,8b,38,93,\
"rkeysecu"=hex:84,06,94,9c,9c,c4,85,81,04,8b,75,2d,d2,e9,40,54
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2016-07-25 14:22:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-07-25 12:22
.
Před spuštěním: Volných bajtů: 147 878 252 544
Po spuštění: Volných bajtů: 151 644 180 480
.
- - End Of File - - 98A5006EC11E9B8B49318D010A1ACC2B
5C616939100B85E558DA92B899A0FC36

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Firewall turned off

#2 Post by Rudy »

Hi!
Next time, don't run ComboFix on your own; a layperson can easily damage the system or some applications with it. That particular case was treated with ComboFix, but on the instructions of a helper.

We'll clean up a bit more. Open Notepad and copy the following into it:
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_USERS\S-1-5-21-3772700114-1450314536-3065715830-1001\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
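As an added example (not part of the forum thread, and not code from ComboFix or its authors), here is a small Python check that reads the REGEDIT4-style "Spouštěcí body v registru" section of a ComboFix log and flags the policy values visible in the first log above that weaken the machine's defences: EnableLUA=0 (UAC off), ConsentPromptBehaviorAdmin=0 (silent elevation), PromptOnSecureDesktop=0, NoSecurityTab=1 and LoadAppInit_DLLs=1. The sample input is constructed from those log lines; the function names and the table of flagged values are this example's own assumptions, not something ComboFix provides.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: the policy keys as they appear in the first
# ComboFix log in this thread ("Spouštěcí body v registru" section).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"""

# (key suffix, value name, lower-case) -> (value that indicates weakening, why it matters).
# This table is the example's own choice of what to flag (hypothetical baseline).
WEAK_SETTINGS: Dict[Tuple[str, str], Tuple[int, str]] = {
    ("policies\\system", "enablelua"): (0, "UAC is turned off entirely"),
    ("policies\\system", "consentpromptbehavioradmin"): (0, "administrators elevate without any prompt"),
    ("policies\\system", "promptonsecuredesktop"): (0, "elevation prompts are not shown on the secure desktop"),
    ("policies\\explorer", "nosecuritytab"): (1, "Security tab is hidden in file/folder properties"),
    ("currentversion\\windows", "loadappinit_dlls"): (1, "DLLs listed in AppInit_DLLs are loaded into processes that load user32.dll"),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches lines such as  "EnableLUA"= 0 (0x0)  or  "LoadAppInit_DLLs"=1 (0x1)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(-?\d+)')


def parse_registry_section(text: str) -> List[Tuple[str, str, int]]:
    """Return (key, value_name, int_value) for every numeric value in a
    REGEDIT4-style ComboFix section. String values (paths, driver names)
    and the '.' separator lines are skipped."""
    current_key = None
    entries: List[Tuple[str, str, int]] = []
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if current_key is None:
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            entries.append((current_key, value_match.group(1), int(value_match.group(2))))
    return entries


def find_weak_settings(text: str) -> List[Tuple[str, str, int, str]]:
    """Return (key, value_name, value, reason) for each flagged setting, in log order."""
    findings: List[Tuple[str, str, int, str]] = []
    for key, name, value in parse_registry_section(text):
        for (suffix, weak_name), (weak_value, reason) in WEAK_SETTINGS.items():
            if key.lower().endswith(suffix) and name.lower() == weak_name and value == weak_value:
                findings.append((key, name, value, reason))
    return findings


def report(text: str) -> List[str]:
    """Human-readable one-liners for the findings (returned, not only printed)."""
    return [f"{key}\\{name} = {value}: {reason}" for key, name, value, reason in find_weak_settings(text)]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

On the constructed sample the check flags five entries and leaves ConsentPromptBehaviorUser=3 and EnableUIADesktopToggle alone; on a machine with UAC left at its defaults the list is empty. The same parser can be pointed at a full ComboFix log, since it only reacts to `[...]` key lines and numeric values.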

denystar
Visitor
Posts: 4
Registered: 25 Jul 2016 13:30

Re: Firewall turned off

#3 Post by denystar »

Well, hopefully the system or the applications didn't get damaged :shock:. I did what you said; the PC did not restart like before, and this is the log.
ComboFix 16-07-25.01 - Admin 25.07.2016 18:36:57.2.2 - x64
Microsoft Windows 7 Professional
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.318.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.318.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-06-25 do 2016-07-25 )))))))))))))))))))))))))))))))
.
.
2016-07-25 16:44 . 2016-07-25 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-25 10:39 . 2016-07-25 10:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3453CFB9-B1F1-4949-8744-D15FF6A5A768}\offreg.2936.dll
2016-07-24 17:00 . 2016-07-24 17:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-07-23 16:52 . 2016-07-24 11:17 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-23 16:51 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-07-23 16:51 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-07-23 16:51 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-07-23 16:51 . 2016-07-23 16:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-07-23 16:51 . 2016-07-23 16:51 -------- d-----w- c:\programdata\Malwarebytes
2016-07-23 16:45 . 2016-07-23 16:45 -------- d-----w- c:\program files (x86)\Trend Micro
2016-07-23 15:30 . 2016-07-23 15:30 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-18 16:12 . 2016-07-18 17:05 -------- d-----w- c:\users\Admin\AppData\Local\Google
2016-07-18 16:10 . 2016-07-18 16:11 -------- d-----w- c:\program files (x86)\Google
2016-07-12 10:07 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3453CFB9-B1F1-4949-8744-D15FF6A5A768}\mpengine.dll
2016-07-08 17:25 . 2016-07-08 17:25 -------- d-----w- c:\program files (x86)\Common Files\lightning group shared files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-25 10:06 . 2016-04-17 22:41 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-07-14 19:53 . 2012-03-29 16:33 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 19:53 . 2011-10-03 17:41 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-21 10:13 . 2011-10-03 14:49 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-06-15 22:52 . 2011-10-03 16:20 142482544 ----a-w- c:\windows\system32\MRT.exe
2016-06-06 16:58 . 2016-06-15 20:07 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-06 16:50 . 2016-06-15 20:07 1204224 ----a-w- c:\windows\system32\aeinv.dll
2016-06-03 13:05 . 2016-06-15 20:07 1413120 ----a-w- c:\windows\system32\appraiser.dll
2016-05-27 13:06 . 2016-06-15 20:07 569856 ----a-w- c:\windows\system32\generaltel.dll
2016-05-27 13:06 . 2016-06-15 20:07 544256 ----a-w- c:\windows\system32\devinv.dll
2016-05-27 13:06 . 2016-06-15 20:07 276480 ----a-w- c:\windows\system32\invagent.dll
2016-05-27 13:06 . 2016-06-15 20:07 265216 ----a-w- c:\windows\system32\centel.dll
2016-05-23 23:37 . 2016-06-15 20:06 394960 ----a-w- c:\windows\system32\iedkcs32.dll
2016-05-22 13:06 . 2016-06-15 20:07 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-05-21 17:28 . 2016-06-15 20:06 25802752 ----a-w- c:\windows\system32\mshtml.dll
2016-05-20 22:27 . 2016-06-15 20:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-05-20 22:27 . 2016-06-15 20:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-05-20 22:14 . 2016-06-15 20:06 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-05-20 22:10 . 2016-06-15 20:06 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-05-20 22:09 . 2016-06-15 20:07 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-05-20 22:09 . 2016-06-15 20:06 417792 ----a-w- c:\windows\system32\html.iec
2016-05-20 22:09 . 2016-06-15 20:06 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-05-20 22:08 . 2016-06-15 20:06 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-05-20 22:08 . 2016-06-15 20:06 2895360 ----a-w- c:\windows\system32\iertutil.dll
2016-05-20 22:02 . 2016-06-15 20:06 6051328 ----a-w- c:\windows\system32\jscript9.dll
2016-05-20 22:00 . 2016-06-15 20:06 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-05-20 21:59 . 2016-06-15 20:07 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-05-20 21:57 . 2016-06-15 20:06 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-05-20 21:57 . 2016-06-15 20:07 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-05-20 21:57 . 2016-06-15 20:07 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-05-20 21:56 . 2016-06-15 20:06 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-05-20 21:56 . 2016-06-15 20:06 615936 ----a-w- c:\windows\system32\ieui.dll
2016-05-20 21:55 . 2016-06-15 20:07 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-05-20 21:54 . 2016-06-15 20:07 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-05-20 21:54 . 2016-06-15 20:06 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-05-20 21:54 . 2016-06-15 20:06 817664 ----a-w- c:\windows\system32\jscript.dll
2016-05-20 21:54 . 2016-06-15 20:06 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-05-20 21:45 . 2016-06-15 20:06 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-05-20 21:44 . 2016-06-15 20:06 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-05-20 21:43 . 2016-06-15 20:06 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-05-20 21:41 . 2016-06-15 20:06 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-05-20 21:33 . 2016-06-15 20:07 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-05-20 21:32 . 2016-06-15 20:07 107520 ----a-w- c:\windows\system32\inseng.dll
2016-05-20 21:28 . 2016-06-15 20:06 199680 ----a-w- c:\windows\system32\msrating.dll
2016-05-20 21:27 . 2016-06-15 20:07 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-05-20 21:27 . 2016-06-15 20:06 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-05-20 21:25 . 2016-06-15 20:06 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-05-20 21:22 . 2016-06-15 20:06 152064 ----a-w- c:\windows\system32\occache.dll
2016-05-20 21:14 . 2016-06-15 20:06 4610048 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-05-20 21:11 . 2016-06-15 20:06 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-05-20 21:11 . 2016-06-15 20:06 15420928 ----a-w- c:\windows\system32\ieframe.dll
2016-05-20 21:09 . 2016-06-15 20:07 725504 ----a-w- c:\windows\system32\ie4uinit.exe
2016-05-20 21:08 . 2016-06-15 20:06 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-05-20 21:08 . 2016-06-15 20:06 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-05-20 21:07 . 2016-06-15 20:06 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-05-20 21:07 . 2016-06-15 20:06 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-05-20 21:06 . 2016-06-15 20:06 2131968 ----a-w- c:\windows\system32\inetcpl.cpl
2016-05-20 20:46 . 2016-06-15 20:06 2597888 ----a-w- c:\windows\system32\wininet.dll
2016-05-20 20:42 . 2016-06-15 20:06 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-05-20 20:34 . 2016-06-15 20:06 1544192 ----a-w- c:\windows\system32\urlmon.dll
2016-05-20 20:23 . 2016-06-15 20:06 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-05-18 16:10 . 2016-06-15 20:07 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-05-18 16:09 . 2016-06-15 20:07 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-05-13 22:15 . 2016-06-15 20:07 382184 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 22:09 . 2016-06-15 20:07 41472 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 22:09 . 2016-06-15 20:07 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 22:09 . 2016-06-15 20:07 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 22:09 . 2016-06-15 20:07 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-05-13 21:54 . 2016-06-15 20:07 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-05-13 21:50 . 2016-06-15 20:07 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-05-13 21:49 . 2016-06-15 20:07 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-05-13 21:49 . 2016-06-15 20:07 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-05-13 21:27 . 2016-06-15 20:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-05-12 17:20 . 2016-06-15 20:07 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 17:20 . 2016-06-15 20:07 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 17:15 . 2016-06-15 20:07 105472 ----a-w- c:\windows\system32\winipsec.dll
2016-05-12 17:15 . 2016-06-15 20:07 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-12 17:15 . 2016-06-15 20:07 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-05-12 17:15 . 2016-06-15 20:07 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-05-12 17:15 . 2016-06-15 20:07 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-05-12 17:15 . 2016-06-15 20:07 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 17:14 . 2016-06-15 20:07 344064 ----a-w- c:\windows\system32\schannel.dll
2016-05-12 17:14 . 2016-06-15 20:07 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-05-12 17:14 . 2016-06-15 20:07 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-05-12 17:14 . 2016-06-15 20:07 28160 ----a-w- c:\windows\system32\secur32.dll
2016-05-12 17:14 . 2016-06-15 20:07 373760 ----a-w- c:\windows\system32\polstore.dll
2016-05-12 17:14 . 2016-06-15 20:07 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-05-12 17:14 . 2016-06-15 20:07 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-05-12 17:14 . 2016-06-15 20:07 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-05-12 17:14 . 2016-06-15 20:07 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-05-12 17:14 . 2016-06-15 20:07 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-05-12 17:14 . 2016-06-15 20:07 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-05-12 17:14 . 2016-06-15 20:07 502272 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-05-12 17:14 . 2016-06-15 20:07 794624 ----a-w- c:\windows\system32\gpsvc.dll
2016-05-12 17:14 . 2016-06-15 20:07 793088 ----a-w- c:\windows\system32\gpprefcl.dll
2016-05-12 17:14 . 2016-06-15 20:07 96256 ----a-w- c:\windows\system32\gpapi.dll
2016-05-12 17:14 . 2016-06-15 20:07 75776 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2016-05-12 17:14 . 2016-06-15 20:07 32768 ----a-w- c:\windows\system32\gpscript.dll
2016-05-12 17:14 . 2016-06-15 20:07 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 17:14 . 2016-06-15 20:07 22016 ----a-w- c:\windows\system32\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Steam"="c:\games\Steam CS\steam.exe" [2016-02-04 3014224]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE" [2015-12-11 563416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ACDService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCBNT.SYS]
@=""
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:53]
.
2016-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18 16:09]
.
2016-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [BU]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-08 8146944]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-03-19 176952]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 10.27.87.193
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oem874o2.default-1469362576525\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BandiMPEG1 - c:\program files (x86)\BandiMPEG1\uninstall.exe
.
.
"ImagePath"="c:\documents\DOKUMENTY DENY\
[PROGRAMS]\[WRITING PROGRAMS]\EASY FILE PROTECTOR\EFPA.exe"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACDService]
"ImagePath"="c:\documents\DOKUMENTY DENY\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3772700114-1450314536-3065715830-1001\Software\SecuROM\License information*]
"datasecu"=hex:91,9c,67,79,6f,11,9a,9a,ef,51,d0,2e,dd,53,37,d5,0b,01,ad,45,b0,
df,75,de,ec,0b,9d,78,cf,47,b5,cf,79,98,22,bd,8b,d3,22,a0,de,11,09,8b,38,93,\
"rkeysecu"=hex:84,06,94,9c,9c,c4,85,81,04,8b,75,2d,d2,e9,40,54
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-07-25 18:48:04
ComboFix-quarantined-files.txt 2016-07-25 16:48
ComboFix2.txt 2016-07-25 12:22
.
Před spuštěním: Volných bajtů: 156 167 454 720
Po spuštění: Volných bajtů: 156 091 957 248
.
- - End Of File - - 18DFB74B22F86F2817E19F2687A4CC62
5C616939100B85E558DA92B899A0FC36

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Firewall disabled

#4 Post by Rudy »

Has anything changed?

denystar
Visitor
Posts: 4
Registered: 25 Jul 2016 13:30

Re: Firewall disabled

#5 Post by denystar »

Not that I can tell. Everything seems to be OK, the Firewall is on.. :lol:

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Firewall disabled

#6 Post by Rudy »

So it's fine then, isn't it?

denystar
Visitor
Posts: 4
Registered: 25 Jul 2016 13:30

Re: Firewall disabled

#7 Post by denystar »

Hopefully so. Thank you very much for your help!!! Let me ask: does it do any harm if, once in a while, I run the computer through some anti-malware program, e.g. adwcleaner?
edit: I'm asking because I also still have Malwarebytes Anti-Malware, and I also had Adware Removal Tool by TSA, but ComboFix deleted that one, so I definitely won't be using it any more

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Firewall disabled

#8 Post by Rudy »

You can use ADWCleaner even as a layman. So far I have not seen it delete anything legitimate. You're welcome! :)

Locked