VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu :)

https://forum.viry.cz:443/viewtopic.php?t=136370

Stránka 2 z 3

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 15:41
od krovak
< MD5 for: WDF01000.SYS >
[2009.07.14 02:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) MD5=441BD2D7B4F98134C3A4F9FA570FD250 -- C:\Windows\SysNative\drivers\Wdf01000.sys
[2009.07.14 02:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) MD5=441BD2D7B4F98134C3A4F9FA570FD250 -- C:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_d24809e1379d1f91\Wdf01000.sys

< MD5 for: WIN32K.SYS >
[2012.01.14 05:00:52 | 003,148,288 | ---- | M] (Microsoft Corporation) MD5=0777AD78CEF3B17D12C3A1988282952B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21898_none_1750a188ca8132fd\win32k.sys
[2012.01.14 05:06:27 | 003,145,728 | ---- | M] (Microsoft Corporation) MD5=275D3946B0EC22BA13FE299E97ABF606 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17762_none_16e172c5b150a756\win32k.sys
[2012.01.14 05:05:42 | 003,148,288 | ---- | M] (Microsoft Corporation) MD5=2A6231EDD1728E97E5C73A4C995331EF -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21127_none_15b4cbcecd231d65\win32k.sys
[2011.11.24 05:45:10 | 003,146,752 | ---- | M] (Microsoft Corporation) MD5=338E48AB7810E1B223DFECD82C44F5A3 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_176f10b8ca6aac7c\win32k.sys
[2012.10.18 19:25:58 | 003,149,824 | ---- | M] (Microsoft Corporation) MD5=34B419EDEAC6F12B34908DE3758F98C9 -- C:\Windows\SysNative\win32k.sys
[2012.10.18 19:25:58 | 003,149,824 | ---- | M] (Microsoft Corporation) MD5=34B419EDEAC6F12B34908DE3758F98C9 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17977_none_16dba817b1543c48\win32k.sys
[2012.01.14 05:02:25 | 003,143,168 | ---- | M] (Microsoft Corporation) MD5=39FF1BFDC0D5868E8D032EA349D30F51 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16948_none_1516b753b4149b92\win32k.sys
[2011.11.24 05:52:41 | 003,146,240 | ---- | M] (Microsoft Corporation) MD5=3AD5AEA8772DBEB548D0863714D7959D -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_15691a74cd5be3d5\win32k.sys
[2012.04.02 04:01:19 | 003,143,680 | ---- | M] (Microsoft Corporation) MD5=44DC57624E27B6EF3EA24F4892CB2620 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16988_none_14eb77a3b4350b56\win32k.sys
[2012.06.12 04:08:36 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=511166D3F5D7EBA36DE48C4F5E195886 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17860_none_16df7417b15271cf\win32k.sys
[2011.11.24 06:00:47 | 003,141,632 | ---- | M] (Microsoft Corporation) MD5=55CF26CF771B086A393750BD494FD6FC -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_152454dbb40b98f8\win32k.sys
[2012.10.18 19:35:40 | 003,151,872 | ---- | M] (Microsoft Corporation) MD5=5C874B021D964326A38765955E108E7F -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21347_none_159f2fc2cd334f95\win32k.sys
[2011.11.24 05:52:09 | 003,145,216 | ---- | M] (Microsoft Corporation) MD5=6E810D7C1E3881289733924CE9763B92 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_16ffe1f5b13a20d5\win32k.sys
[2012.06.12 04:02:52 | 003,147,264 | ---- | M] (Microsoft Corporation) MD5=7FF70301AB5176FC3B72BD6C9B8BF888 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17039_none_15225fabb40bcc3a\win32k.sys
[2012.03.31 03:56:14 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=88592AB8F8AE4F7264A936AEE682BBE5 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21955_none_1778e240ca63745b\win32k.sys
[2012.10.18 19:18:22 | 003,147,264 | ---- | M] (Microsoft Corporation) MD5=8ABB4C73841402A9D30A4CC0B880FCE1 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17147_none_15159111b415b2a4\win32k.sys
[2012.10.18 19:14:46 | 003,151,872 | ---- | M] (Microsoft Corporation) MD5=9FE34DE5E7E97DA1AB228F71687BDB88 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22137_none_17905cb4ca519f90\win32k.sys
[2012.06.12 04:04:59 | 003,151,360 | ---- | M] (Microsoft Corporation) MD5=A8191824CC60305DD2313D7A74F95EDD -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21231_none_15a3fc0ccd309e73\win32k.sys
[2010.11.20 10:53:33 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=A89392A32BA98468710FD7E38318934B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_17197f29b1265401\win32k.sys
[2012.03.31 04:05:06 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=B132D7E1E53C5835B13E5F23394C3202 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21179_none_1580bcc6cd49dbc8\win32k.sys
[2012.06.12 03:58:04 | 003,151,872 | ---- | M] (Microsoft Corporation) MD5=BC91C50C20709D85A2137E689DC3ED19 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22016_none_17a4fa5cca425130\win32k.sys
[2009.07.14 00:40:40 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=CBEF2EB83438ED9FC39411CC8378B0E7 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_14e86b61b437d067\win32k.sys
[2012.03.31 04:10:03 | 003,146,240 | ---- | M] (Microsoft Corporation) MD5=F4C456F9235ED440B81107E951555411 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17803_none_1723547db11f162e\win32k.sys

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINSRV.DLL >
[2011.07.16 06:26:18 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=0CB6EBF4B461A6043353C570BD72A1E1 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll
[2012.08.20 20:06:40 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=0E83424D4CEC0665A3A916AD6B261E53 -- C:\Windows\SoftwareDistribution\Download\8bc6d879943fb1718924ceb00f627453\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21306_none_13548c10cee23265\winsrv.dll
[2012.08.20 19:27:20 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=111AFE35DD2D423EE8E176CA7B2BBDC7 -- C:\Windows\SoftwareDistribution\Download\8bc6d879943fb1718924ceb00f627453\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22091_none_14d49672cc561df0\winsrv.dll
[2009.07.14 02:41:56 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=457B44AB6D502E55F64A867D4F35C76C -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll
[2011.06.24 06:26:55 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=6D408ABD60A995A2DAB4BAAE38BCA04F -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll
[2012.08.18 16:42:31 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=79CDA06F75AD5373DD447F57575C4400 -- C:\Windows\SoftwareDistribution\Download\8bc6d879943fb1718924ceb00f627453\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17107_none_12cbeda9b5c3aecb\winsrv.dll
[2011.06.24 06:27:05 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=C13D05A015346DED3D722BE285814495 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll
[2010.11.20 14:27:28 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=E0406AEF04B088D1C49FC78D0546F689 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2011.06.24 06:34:53 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=EB6A48CC998E1090E44E8E7F1009A640 -- C:\Windows\SysNative\winsrv.dll
[2011.06.24 06:34:53 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=EB6A48CC998E1090E44E8E7F1009A640 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll
[2012.08.20 19:48:43 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=F46BBAAC1C4980F4D0DD463F190A42D3 -- C:\Windows\SoftwareDistribution\Download\8bc6d879943fb1718924ceb00f627453\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17932_none_148d033db306b9bc\winsrv.dll

< MD5 for: WS2_32.DLL >
[2010.11.20 14:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010.11.20 14:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< MD5 for: WSCRIPT.EXE >
[2009.07.14 02:39:57 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=8886E0697B0A93C521F99099EF643450 -- C:\Windows\SysNative\wscript.exe
[2009.07.14 02:39:57 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=8886E0697B0A93C521F99099EF643450 -- C:\Windows\winsxs\amd64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_a45d44bd1a0af822\wscript.exe
[2009.07.14 02:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=D1AB72DB2BEDD2F255D35DA3DA0D4B16 -- C:\Windows\SysWOW64\wscript.exe
[2009.07.14 02:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=D1AB72DB2BEDD2F255D35DA3DA0D4B16 -- C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\wscript.exe

< >

< %systemroot%\system32\logevent.dll /md5 >

< %systemroot%\system32\sceclt.dll /md5 >

< %systemroot%\system32\ntelogon.dll /md5 >

< %systemroot%\system32\consrv.dll /md5 >

< >

< %systemroot%\system32\logevent.dll /md5 /64 >

< %systemroot%\system32\sceclt.dll /md5 /64 >

< %systemroot%\system32\ntelogon.dll /md5 /64 >

< %systemroot%\system32\consrv.dll /md5 /64 >

< >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014.02.20 02:03:06 | 000,859,464 | ---- | M] (Google Inc.) MD5=6E6656C6618C4B0B000267D9AF9EF743 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2009.07.14 02:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\x64\jnwppr.dll
[2011.06.22 06:48:28 | 000,036,864 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\system32\Spool\prtprocs\x64\ssp7mpc.dll
[2010.11.20 14:27:28 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\x64\winprint.dll
[2009.07.14 16:17:26 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\x64\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /10 >

< %systemroot%\system32\drivers\*.sys /X >
[2009.06.10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009.06.10 22:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /10 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\system32\config\*.sav >

< >

< c:\$Recycle.Bin|L,N,U,@;true;true;true /FN >

< c:\Windows\Installer|L,N,U,@;true;true;true /FN >

< >

< %systemroot%\Tasks\*.job >
[2014.02.23 14:11:32 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.02.23 14:52:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\*.* /U /s >
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[33 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp files -> C:\Windows\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp -> ]
[3 C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[2 C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[3 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[2 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %systemroot%\*. /rp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >

< %ALLUSERSPROFILE%\Data Aplikácií\*.* >

< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %APPDATA%\*. >
[2012.12.01 19:03:28 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\.gephi
[2012.12.02 09:31:04 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Adobe
[2012.09.13 20:53:43 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Ahead
[2013.07.23 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Ancestry
[2012.12.04 18:18:56 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Autodesk
[2013.07.21 21:22:46 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\avidemux
[2013.07.26 14:51:29 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Bitmeter2
[2014.02.01 12:14:51 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\BitSpirit
[2013.06.09 05:45:27 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Blender Foundation
[2013.08.09 09:24:00 | 000,000,000 | R--D | M] -- C:\Users\caesar\AppData\Roaming\Brother
[2013.01.20 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\BSplayer PRO
[2012.09.13 20:10:14 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Canneverbe Limited
[2013.06.10 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.12.01 22:11:16 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.12.18 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Corel
[2012.02.27 19:05:50 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\DAEMON Tools
[2014.02.18 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\DAEMON Tools Lite
[2014.02.18 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\DAEMON Tools Pro
[2012.06.26 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\DassaultSystemes
[2014.02.23 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Dropbox
[2012.08.16 08:12:36 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\dvdcss
[2013.04.15 16:55:38 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\DVDVideoSoft
[2012.12.27 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Edraw Max
[2012.12.01 10:12:24 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\GetRightToGo
[2013.02.23 16:37:37 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\GHISLER
[2012.07.13 09:16:18 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\gtk-2.0
[2012.02.13 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Identities
[2014.02.18 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\inkscape
[2012.02.13 23:15:05 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\InstallShield
[2012.06.27 07:55:06 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\KeePass
[2012.02.14 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Macromedia
[2012.10.01 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Mathsoft
[2012.03.20 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\MathWorks
[2009.07.14 16:36:58 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Media Center Programs
[2013.07.03 15:12:57 | 000,000,000 | --SD | M] -- C:\Users\caesar\AppData\Roaming\Microsoft
[2012.02.14 14:00:32 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Miranda
[2012.07.17 10:16:44 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Mobile Atlas Creator
[2012.07.07 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Mozilla
[2012.08.07 20:44:03 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Nokia
[2013.02.23 15:33:20 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Notepad++
[2012.08.07 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\PC Suite
[2012.12.02 09:31:19 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.08.06 15:30:50 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\STV Software
[2012.07.18 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\TeamViewer
[2012.07.07 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Thunderbird
[2014.02.19 17:34:52 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\vlc
[2012.07.07 13:00:13 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\Windows Live Writer
[2012.02.14 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\WinRAR
[2013.12.07 20:52:36 | 000,000,000 | ---D | M] -- C:\Users\caesar\AppData\Roaming\XnView

< %APPDATA%\*.* >
[2014.02.23 14:13:47 | 001,569,280 | ---- | M] (xRgizs9q02T) -- C:\Users\caesar\AppData\Roaming\Windows.exe

< %APPDATA%\*.exe /s >
[2014.02.23 14:13:47 | 001,569,280 | ---- | M] (xRgizs9q02T) -- C:\Users\caesar\AppData\Roaming\Windows.exe
[2014.01.03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\caesar\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.01.03 01:47:26 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\caesar\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012.12.04 00:43:48 | 000,880,672 | ---- | M] (Dropbox, Inc.) -- C:\Users\caesar\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2013.06.10 09:07:16 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\caesar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2014.02.23 14:13:47 | 001,569,280 | ---- | M] () -- C:\Users\caesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\52ae9a9b35c8ca9d61a092e4ad35cca9.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32|bak;true;false;false /fp >

< %PROGRAMFILES%|bak;true;false;false /fp >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.20 14:25:17 | 001,475,584 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012.02.13 09:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd)
"OscarX7Mouse5Mode" = "C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe" Minimum -- [2012.03.20 16:52:10 | 003,521,024 | ---- | M] ()
"AdobeBridge" =

< End of report >

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 16:19
od krovak
omlouvám se, zde je vše požadované:

ComboFix 14-02-23.01 - caesar 23.02.2014 16:07:09.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3957.2026 [GMT 1:00]
Spuštěný z: d:\soft\viry.cz\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\caesar\AppData\Local\MSGBOX.EXE
c:\users\caesar\AppData\Roaming\Windows.exe
c:\windows\Extracted
c:\windows\Extracted\ccsetup409.exe
c:\windows\Extracted\Win.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-23 do 2014-02-23 )))))))))))))))))))))))))))))))
.
.
2014-02-23 15:14 . 2014-02-23 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-23 13:08 . 2014-02-23 13:13 1569280 ----a-w- c:\users\caesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\52ae9a9b35c8ca9d61a092e4ad35cca9.exe
2014-02-23 06:19 . 2014-02-23 13:17 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A4EBA2C-F8CC-4BE0-917D-DC4E9C193610}\offreg.dll
2014-02-22 15:47 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A4EBA2C-F8CC-4BE0-917D-DC4E9C193610}\mpengine.dll
2014-02-22 15:17 . 2014-02-22 15:17 15327 ----a-w- c:\users\caesar\AppData\Local\LM.bat
2014-02-22 14:56 . 2014-02-22 14:56 -------- d-----w- c:\programdata\dbg
2014-02-22 14:49 . 2010-02-01 11:26 149264 ----a-w- c:\windows\system32\symsrv.dll
2014-02-21 15:23 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-20 16:00 . 2014-02-22 15:19 -------- d-----w- C:\FRST
2014-02-18 20:44 . 2014-02-18 20:45 -------- d-----w- c:\program files\CCleaner
2014-02-01 21:00 . 2010-04-29 17:01 340520 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2014-02-01 21:00 . 2010-04-29 17:00 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2014-02-01 21:00 . 2010-04-29 17:00 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2014-02-01 21:00 . 2010-04-29 17:00 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2014-02-01 21:00 . 2010-04-29 17:00 102440 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2014-02-01 20:56 . 2014-02-01 20:56 -------- d-----w- c:\program files\WIDCOMM
2014-02-01 11:14 . 2014-02-01 11:14 -------- d-----w- c:\users\caesar\AppData\Roaming\BitSpirit
2014-02-01 11:14 . 2014-02-01 11:14 -------- d-----w- c:\program files (x86)\Common Files\BitSpirit
2014-02-01 11:14 . 2014-02-01 11:14 -------- d-----w- c:\program files (x86)\BitSpirit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:33 . 2012-02-14 08:24 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"OscarX7Mouse5Mode"="c:\program files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe" [2012-03-20 3521024]
.
c:\users\caesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
52ae9a9b35c8ca9d61a092e4ad35cca9.exe [2014-2-23 1569280]
Dropbox.lnk - c:\users\caesar\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-3-26 4656632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files (x86)\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-29 1127712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SensorsVService;SensorsVService;c:\program files (x86)\SensorsViewPro42\svservice.exe;c:\program files (x86)\SensorsViewPro42\svservice.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WIN64AST;WIN64AST;d:\soft\viry.cz\win64ST\WIN64AST.sys;d:\soft\viry.cz\win64ST\WIN64AST.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R4 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 sensorsview;sensorsview;c:\program files (x86)\SensorsViewPro42\drv\sensorsview32_64.sys;c:\program files (x86)\SensorsViewPro42\drv\sensorsview32_64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - PCHunter64af
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 07:57 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 15:36]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\caesar\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 16413288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-10-05 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download Using &BitSpirit - c:\program files (x86)\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{46B8FF93-7760-4727-9A8C-828658687EB0}: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{46B8FF93-7760-4727-9A8C-828658687EB0}\144425F4C464: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46B8FF93-7760-4727-9A8C-828658687EB0}\144425F4C464F523: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{46B8FF93-7760-4727-9A8C-828658687EB0}\25A5: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{46B8FF93-7760-4727-9A8C-828658687EB0}\34F644: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{46B8FF93-7760-4727-9A8C-828658687EB0}\E616D656374796: DhcpNameServer = 77.95.40.10 77.95.42.102
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-52ae9a9b35c8ca9d61a092e4ad35cca9 - c:\users\caesar\AppData\Roaming\Windows.exe
AddRemove-Call of Duty - c:\games\CALLOF~1\Uninstall\Unwise.exe
AddRemove-COMSOL43 - c:\comsol\COMSOL43\bin\win64\comsoluninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1214931475-1963704409-3014128974-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DEC95A9-0C8C-7A57-5891-1B9F351575DE}*]
"iajmkkofhagbnggppp"=hex:69,61,6a,6a,69,64,6e,6f,70,62,68,6d,70,6a,64,6f,61,65,
00,76
"hahheklbifechcnp"=hex:69,61,6a,6a,69,64,6e,6f,70,62,68,6d,70,6a,64,6f,61,65,
00,76
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-02-23 16:18:00
ComboFix-quarantined-files.txt 2014-02-23 15:17
.
Před spuštěním: Volných bajtů: 15 097 556 992
Po spuštění: Volných bajtů: 14 795 177 984
.
- - End Of File - - 5C1A05C8C5EF80E2EC54169FBAAF48B8

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 17:12
od krovak
Nejde mi vymazat, protože je používán procesem, který se mi nedaří najít: c:\users\caesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\52ae9a9b35c8ca9d61a092e4ad35cca9.exe


bohužel, ale soubor nemůžu ve složce najít: c:\users\caesar\AppData\Local\LM.bat

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 17:35
od krovak
drží ho tam windows.exe, smazáno :)

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 17:36
od krovak
LM.bat jsem nenašel ani přes PCHuntra :(

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 18:11
od krovak
není tam :)

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 18:12
od krovak
windows.exe stále běží

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 18:19
od krovak
Abych to nějak shrnul. Ve složce "Po spuštění" už není 52ae9a9b35c8ca9d61a092e4ad35cca9.exe. Nicméně stále běží proces windows.exe, stále ho vidím ve správci procesů. Snažil jsem se najít i sobor LM.bat, ale neúspěšně i programem PChunter. Nevím kam zmizel, ale není na svém místě není :(. Jaký další postup navrhuješ?

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 18:22
od krovak
Přikládám soubor z pchuntru

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 18:32
od krovak
ok..už se na tom pracuje .)

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 18:37
od krovak
ještě v textové podobě: (moduly windows.exe)

[PC Hunter Standard][[Windows.exe]Process Modules(110)]: 110
Module Path Base Size File Corporation
C:\Users\caesar\AppData\Roaming\Windows.exe 0x0000000000230000 0x0000000000186000
C:\Windows\SYSTEM32\ntdll.dll 0x0000000077B20000 0x00000000001A9000 Microsoft Corporation
C:\Windows\SYSTEM32\MSCOREE.DLL 0x000007FEF4160000 0x000000000006F000 Microsoft Corporation
C:\Windows\system32\KERNEL32.dll 0x0000000077750000 0x000000000011F000 Microsoft Corporation
C:\Windows\system32\KERNELBASE.dll 0x000007FEFE2A0000 0x000000000006C000 Microsoft Corporation
C:\Windows\system32\guard64.dll 0x0000000180000000 0x0000000000064000 COMODO
C:\Windows\system32\USER32.dll 0x0000000077440000 0x00000000000FA000 Microsoft Corporation
C:\Windows\system32\GDI32.dll 0x000007FEFE6D0000 0x0000000000067000 Microsoft Corporation
C:\Windows\system32\LPK.dll 0x000007FEFF9E0000 0x000000000000E000 Microsoft Corporation
C:\Windows\system32\USP10.dll 0x000007FEFE350000 0x00000000000C9000 Microsoft Corporation
C:\Windows\system32\msvcrt.dll 0x000007FEFF860000 0x000000000009F000 Microsoft Corporation
C:\Windows\system32\ADVAPI32.dll 0x000007FEFF760000 0x00000000000DB000 Microsoft Corporation
C:\Windows\SYSTEM32\sechost.dll 0x000007FEFF840000 0x000000000001F000 Microsoft Corporation
C:\Windows\system32\RPCRT4.dll 0x000007FEFE430000 0x000000000012D000 Microsoft Corporation
C:\Windows\system32\IMM32.DLL 0x000007FEFFE00000 0x000000000002E000 Microsoft Corporation
C:\Windows\system32\MSCTF.dll 0x000007FEFFCF0000 0x0000000000109000 Microsoft Corporation
C:\Windows\system32\fltlib.dll 0x000007FEFDF60000 0x0000000000009000 Microsoft Corporation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll 0x000007FEF4060000 0x0000000000090000 Microsoft Corporation
C:\Windows\system32\SHLWAPI.dll 0x000007FEFE5B0000 0x0000000000071000 Microsoft Corporation
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll 0x000007FEF36C0000 0x000000000099C000 Microsoft Corporation
C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\MSVCR80.dll 0x0000000074F30000 0x00000000000C9000 Microsoft Corporation
C:\Windows\system32\shell32.dll 0x000007FEFE950000 0x0000000000D88000 Microsoft Corporation
C:\Windows\system32\ole32.dll 0x000007FEFE740000 0x0000000000203000 Microsoft Corporation
C:\Windows\system32\profapi.dll 0x000007FEFDF70000 0x000000000000F000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll 0x000007FEF27E0000 0x0000000000EDC000 Microsoft Corporation
C:\Windows\system32\CRYPTBASE.dll 0x000007FEFDE90000 0x000000000000F000 Microsoft Corporation
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll 0x000007FEF2650000 0x0000000000184000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll 0x000007FEF1C20000 0x0000000000A2D000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll 0x000007FEF1570000 0x00000000006A5000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\e56d345b174428dabaf908fa64a9642c\System.Web.Services.ni.dll 0x000007FEF1330000 0x0000000000233000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\88f8a6436dc95497fce0dae347646e53\System.Drawing.ni.dll 0x000007FEF0EB0000 0x0000000000239000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\d6af7216038720b1adeca71e81c14bd6\System.Windows.Forms.ni.dll 0x000007FEEED00000 0x0000000001097000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\71fad01a6a054ec314c0ae812a8d6369\Microsoft.VisualBasic.ni.dll 0x000007FEF10F0000 0x000000000020D000 Microsoft Corporation
C:\Windows\system32\apphelp.dll 0x000007FEFDE30000 0x0000000000057000 Microsoft Corporation
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll 0x0000000074880000 0x000000000004E000 Microsoft Corporation
C:\Windows\system32\shfolder.dll 0x000007FEFC7D0000 0x0000000000007000 Microsoft Corporation
C:\Windows\system32\uxtheme.dll 0x000007FEFBE10000 0x0000000000056000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll 0x000007FEF09C0000 0x0000000000143000 Microsoft Corporation
C:\Windows\system32\dwmapi.dll 0x000007FEFB2E0000 0x0000000000018000 Microsoft Corporation
C:\Windows\system32\ws2_32.dll 0x000007FEFE560000 0x000000000004D000 Microsoft Corporation
C:\Windows\system32\NSI.dll 0x000007FEFE420000 0x0000000000008000 Microsoft Corporation
C:\Windows\system32\mswsock.dll 0x000007FEFD6A0000 0x0000000000055000 Microsoft Corporation
C:\Windows\System32\wshtcpip.dll 0x000007FEFCF90000 0x0000000000007000 Microsoft Corporation
C:\Windows\System32\wship6.dll 0x000007FEFD690000 0x0000000000007000 Microsoft Corporation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL 0x000007FEF9460000 0x000000000002F000 Microsoft Corp.
C:\Windows\system32\PSAPI.DLL 0x0000000077CF0000 0x0000000000007000 Microsoft Corporation
C:\Windows\system32\DNSAPI.dll 0x000007FEFD520000 0x000000000005B000 Microsoft Corporation
C:\Windows\system32\IPHLPAPI.DLL 0x000007FEF9C60000 0x0000000000027000 Microsoft Corporation
C:\Windows\system32\WINNSI.DLL 0x000007FEF9C50000 0x000000000000B000 Microsoft Corporation
C:\Windows\system32\dhcpcsvc.DLL 0x000007FEF9AD0000 0x0000000000018000 Microsoft Corporation
C:\Windows\system32\dhcpcsvc6.DLL 0x000007FEF9A00000 0x0000000000011000 Microsoft Corporation
C:\Windows\system32\rasadhlp.dll 0x000007FEF97F0000 0x0000000000008000 Microsoft Corporation
C:\Windows\System32\fwpuclnt.dll 0x000007FEF9B00000 0x0000000000053000 Microsoft Corporation
C:\Windows\system32\SspiCli.dll 0x000007FEFDE00000 0x0000000000025000 Microsoft Corporation
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\98059f32b988a3e2d869e9b3bf56db17\System.Management.ni.dll 0x000007FEFB130000 0x000000000016C000 Microsoft Corporation
C:\Windows\system32\CRYPTSP.dll 0x000007FEFD700000 0x0000000000017000 Microsoft Corporation
C:\Windows\system32\rsaenh.dll 0x000007FEFD400000 0x0000000000047000 Microsoft Corporation
C:\Windows\system32\RpcRtRemote.dll 0x00000000023A0000 0x0000000000014000 Microsoft Corporation
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\wminet_utils.dll 0x00000642FFFF0000 0x000000000000D000 Microsoft Corporation
C:\Windows\system32\OLEAUT32.dll 0x000007FEFF900000 0x00000000000D7000 Microsoft Corporation
C:\Windows\system32\CLBCatQ.DLL 0x000007FEFE630000 0x0000000000099000 Microsoft Corporation
C:\Windows\system32\wbem\wmiutils.dll 0x000007FEF7100000 0x0000000000026000 Microsoft Corporation
C:\Windows\system32\wbemcomn.dll 0x000007FEFBB20000 0x0000000000086000 Microsoft Corporation
C:\Windows\system32\wbem\wbemprox.dll 0x000007FEFBBB0000 0x000000000000F000 Microsoft Corporation
C:\Windows\system32\avicap32.dll 0x000007FEFB110000 0x0000000000017000 Microsoft Corporation
C:\Windows\system32\WINMM.dll 0x000007FEFCB40000 0x000000000003B000 Microsoft Corporation
C:\Windows\system32\VERSION.dll 0x000007FEFCEC0000 0x000000000000C000 Microsoft Corporation
C:\Windows\system32\MSVFW32.dll 0x000007FEFB0E0000 0x0000000000029000 Microsoft Corporation
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll 0x000007FEFC660000 0x00000000000A0000 Microsoft Corporation
C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll 0x000007FEFBBF0000 0x0000000000216000 Microsoft Corporation
C:\Windows\system32\sxs.dll 0x000007FEFDEA0000 0x0000000000091000 Microsoft Corporation
C:\Windows\system32\devenum.dll 0x000007FEFB0C0000 0x0000000000016000 Microsoft Corporation
C:\Windows\system32\setupapi.dll 0x000007FEFFA70000 0x00000000001D7000 Microsoft Corporation
C:\Windows\system32\CFGMGR32.dll 0x000007FEFE030000 0x0000000000036000 Microsoft Corporation
C:\Windows\system32\DEVOBJ.dll 0x000007FEFE1E0000 0x000000000001A000 Microsoft Corporation
C:\Windows\system32\ntmarta.dll 0x000007FEFB4F0000 0x000000000002D000 Microsoft Corporation
C:\Windows\system32\WLDAP32.dll 0x000007FEFF700000 0x0000000000052000 Microsoft Corporation
C:\Windows\system32\WINTRUST.dll 0x000007FEFE310000 0x0000000000039000 Microsoft Corporation
C:\Windows\system32\CRYPT32.dll 0x000007FEFE070000 0x000000000016A000 Microsoft Corporation
C:\Windows\system32\MSASN1.dll 0x000007FEFE020000 0x000000000000F000 Microsoft Corporation
C:\Windows\system32\msdmo.dll 0x000007FEFB0B0000 0x000000000000D000 Microsoft Corporation
C:\Windows\system32\MMDevAPI.DLL 0x000007FEFB3A0000 0x000000000004B000 Microsoft Corporation
C:\Windows\system32\PROPSYS.dll 0x000007FEFBE70000 0x000000000012C000 Microsoft Corporation
C:\Windows\system32\wdmaud.drv 0x000007FEF5400000 0x000000000003B000 Microsoft Corporation
C:\Windows\system32\ksuser.dll 0x0000000074910000 0x0000000000006000 Microsoft Corporation
C:\Windows\system32\AVRT.dll 0x000007FEFB4C0000 0x0000000000009000 Microsoft Corporation
C:\Windows\system32\AUDIOSES.DLL 0x000007FEF5EF0000 0x000000000004F000 Microsoft Corporation
C:\Windows\system32\msacm32.drv 0x000007FEF70F0000 0x000000000000A000 Microsoft Corporation
C:\Windows\system32\MSACM32.dll 0x000007FEF5F40000 0x0000000000018000 Microsoft Corporation
C:\Windows\system32\midimap.dll 0x000007FEF5EE0000 0x0000000000009000 Microsoft Corporation
C:\Windows\system32\quartz.dll 0x000007FEFAEF0000 0x00000000001B2000 Microsoft Corporation
C:\Windows\system32\imaadp32.acm 0x000007FEFAEE0000 0x000000000000A000 Microsoft Corporation
C:\Windows\system32\msg711.acm 0x000007FEFAED0000 0x0000000000008000 Microsoft Corporation
C:\Windows\system32\msgsm32.acm 0x000007FEFAEC0000 0x000000000000B000 Microsoft Corporation
C:\Windows\system32\msadp32.acm 0x000007FEFAEB0000 0x000000000000A000 Microsoft Corporation
C:\Windows\System32\l3codeca.acm 0x000007FEFAE90000 0x0000000000018000 Fraunhofer Institut Integrierte Schaltungen IIS
C:\Windows\system32\qcap.dll 0x000007FEFAE60000 0x000000000002F000 Microsoft Corporation
C:\Windows\System32\qedit.dll 0x000007FEFADC0000 0x000000000009B000 Microsoft Corporation
C:\Windows\system32\COMDLG32.dll 0x000007FEFFC50000 0x0000000000097000 Microsoft Corporation
C:\Windows\system32\ksproxy.ax 0x000007FEFAD70000 0x0000000000041000 Microsoft Corporation
C:\Windows\system32\d3d9.dll 0x000007FEFAB70000 0x00000000001FF000 Microsoft Corporation
C:\Windows\system32\d3d8thk.dll 0x000007FEFAB60000 0x0000000000007000 Microsoft Corporation
C:\Windows\system32\vidcap.ax 0x000007FEFAB50000 0x000000000000B000 Microsoft Corporation
C:\Windows\system32\kswdmcap.ax 0x000007FEFAB20000 0x0000000000024000 Microsoft Corporation
C:\Windows\system32\MFC42.dll 0x000007FEFA9C0000 0x000000000015C000 Microsoft Corporation
C:\Windows\system32\ODBC32.dll 0x000007FEFA900000 0x00000000000B1000 Microsoft Corporation
C:\Windows\system32\odbcint.dll 0x0000000074790000 0x0000000000038000 Microsoft Corporation
C:\Windows\system32\qdv.dll 0x000007FEFA8B0000 0x0000000000041000 Microsoft Corporation
C:\Windows\system32\DDRAW.dll 0x000007FEED430000 0x00000000000F1000 Microsoft Corporation
C:\Windows\system32\DCIMAN32.dll 0x000007FEF4900000 0x0000000000008000 Microsoft Corporation

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 19:07
od krovak
Bohužel, bojuji s tím. Samotný soubor poslat nemohu a když se ho v procesech snažím vypnout, tak se mi restartuje počítač po modré obrazovce :(. Zkusím to ještě jednou

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 19:09
od krovak
Nevím proč, ale ve spuštěných procesech jsem ho nenašel a ve složce už také není. Co tedy dále?

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 19:45
od krovak
Toto je výsledek:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2014 01
Ran by caesar at 2014-02-23 19:39:38 Run:1
Running from G:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [52ae9a9b35c8ca9d61a092e4ad35cca9] - C:\Users\caesar\AppData\Roaming\Windows.exe [1569280 2014-02-18] (xRgizs9q02T)
HKU\S-1-5-21-1214931475-1963704409-3014128974-1000\...\Run: [52ae9a9b35c8ca9d61a092e4ad35cca9] - C:\Users\caesar\AppData\Roaming\Windows.exe [1569280 2014-02-18] (xRgizs9q02
C:\Users\caesar\AppData\Local\MSGBOX.EXE
C:\Users\caesar\AppData\Roaming\Windows.exe
C:\Users\caesar\AppData\Local\Temp\tmpEE41.tmp.exe
Startup: C:\Users\caesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\52ae9a9b35c8ca9d61a092e4ad35cca9.exe ()

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\52ae9a9b35c8ca9d61a092e4ad35cca9 => Unable to delete value
HKU\S-1-5-21-1214931475-1963704409-3014128974-1000\Software\Microsoft\Windows\CurrentVersion\Run\\52ae9a9b35c8ca9d61a092e4ad35cca9 => Unable to delete value
Could not move "C:\Users\caesar\AppData\Local\MSGBOX.EXE" => Scheduled to move on reboot.
"C:\Users\caesar\AppData\Roaming\Windows.exe" => File/Directory not found.
"C:\Users\caesar\AppData\Local\Temp\tmpEE41.tmp.exe" => File/Directory not found.
C:\Users\caesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\52ae9a9b35c8ca9d61a092e4ad35cca9.exe not found.

Re: Prosím o kontrolu logu :)

Napsal: 23 úno 2014 20:18
od krovak
Zmaten jsem i já. Musím rar rozdělit do více částí, je příliš veliký

při balení souboru vyskočila hláška:
! C:\Qoobox.rar: Nelze otevřít C:\Qoobox\Quarantine\C\Users\caesar\AppData\Roaming\Windows.exe.vir
! Přístup byl odepřen.
! C:\Qoobox.rar: Nelze otevřít C:\Qoobox\Quarantine\C\Windows\Extracted\Win.exe.vir
! Přístup byl odepřen.
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz