Prev.kontrola

[vyosek]

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[digiart]

Log z Rkillu a zachvíli dám i z Combofixu.

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/21/2014 09:15:44 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\vssvc.exe (PID: 2928) [WD-HEUR]
* C:\Windows\system32\wbem\WmiApSrv.exe (PID: 3044) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Digiart\Desktop\rkill\rkill-05-21-2014-09-15-49.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\dllhost.exe : 7 168 : 05/03/2014 01:35 PM : d9f6559520a4b98265275d6205ad98b3 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe : 7 168 : 05/03/2014 01:35 PM : d9f6559520a4b98265275d6205ad98b3 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 05/21/2014 09:16:54 PM
Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)

[digiart]

Z Combofixu

ComboFix 14-05-19.01 - Digiart 21.05.2014 21:24:24.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2046.884 [GMT 2:00]
Spuštěný z: c:\users\Digiart\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Digiart\AppData\Local\assembly\tmp
c:\users\Digiart\AppData\Local\Plus500
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\BigLoading.gif
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_AutoYScaleDown.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_AutoYScaleUp.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_Cancel.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_cashier.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_CrosshairDown.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_CrosshairUp.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_DemoMode.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_downarrow_red.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_Help.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_ChartSettings.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_MoveDown.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_MoveUp.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_OK.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_RateAlerts.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_RealMode.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_Search.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_SetupIndicators.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_SwitchToCandleStick.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_SwitchToFun.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_SwitchToLine.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_SwitchToReal.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_ZoomIn.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_ZoomOut.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\but_ZoomReset.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_ABNAMRO.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_AboutWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_ArrowDown.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_ArrowUp.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_Barclays.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_BigBell.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_BigBellSelected.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_BigFavorite.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_BigFavoriteSelected.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_BuySellWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CashierMainWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CashierMainWallpaper1.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CashierMainWallpaper1s.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CashierMainWallpaper2.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CashierMainWallpaper2s.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CashierMainWallpaper3.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CashierMainWallpaper3s.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_CommonwealthBank.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_Error.PNG
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_ChartToolbar.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_IBB.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_InstrumentScreenLeftWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_InstrumentScreenRightWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_LoginWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList0.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList1.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList2.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList3.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList4.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList5.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList6.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList7.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyIconsImageList8.bmp
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyLeftWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_MainLobbyRightWallpaper.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\img_RateUs.png
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\InvestSmallBtns.ssk
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\InvestSoft.ssk
c:\users\Digiart\AppData\Local\Plus500\Languages\en\Images\Loading.gif
c:\users\Digiart\AppData\Local\Plus500\Main\configuration.xml
c:\users\Digiart\AppData\Local\Plus500\Main\InstrumentsInfo.xml
c:\users\Digiart\AppData\Local\Plus500\Main\InvestSoft.log
c:\users\Digiart\AppData\Local\Plus500\Main\InvestSoft.log.1
c:\users\Digiart\AppData\Local\Plus500\Main\InvestSoft.log.2
c:\users\Digiart\AppData\Local\Plus500\Main\InvestSoft.log.3
c:\users\Digiart\AppData\Local\Plus500\Main\InvestSoft.log.4
c:\users\Digiart\AppData\Local\Plus500\Main\InvestSoftProject.exe
c:\users\Digiart\AppData\Local\Plus500\Main\InvestSoftProject.jdbg
c:\users\Digiart\AppData\Local\Plus500\Main\log4delphi.log
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\AboutGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\AboutGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\AlertsGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\AlertsGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\BuySellGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\BuySellGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierDepositGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierDepositGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierGUIbrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierHistoryGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierHistoryGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierMainGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierMainGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierReportsGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierReportsGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ClosePositionGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ClosePositionGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\Countries.xml
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CreateUserGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\CreateUserGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\DontShowAgainGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\DontShowAgainGUIbrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ChartGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ChartGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\InvestSoft.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\InvestSoftBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IsRealGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\IsRealGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\LoginGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\LoginGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\MainLobbyGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\MainLobbyGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ProcessingGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ProcessingGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\RateAlertGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\RateAlertGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\RateUsGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\RateUsGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\SettingsGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\SettingsGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\UploadFileGUI.sil
c:\users\Digiart\AppData\Local\Plus500\Main\SIL\UploadFileGUIBrand.sil
c:\users\Digiart\AppData\Local\Plus500\Update\500w.exe
c:\users\Digiart\AppData\Local\Plus500\Update\500z.exe
c:\users\Digiart\AppData\Local\Plus500\Update\product.ico
c:\users\Digiart\AppData\Local\Plus500\Update\ResourceChange.exe
c:\users\Digiart\AppData\Local\Plus500\Update\uninstall.ico
c:\users\Digiart\AppData\Roaming\.#
c:\users\Digiart\AppData\Roaming\inst.exe
c:\users\Digiart\AppData\Roaming\poclbm
c:\users\Digiart\AppData\Roaming\poclbm\poclbm.ini
c:\users\Digiart\AppData\Roaming\Roaming
c:\users\Digiart\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\DEBUG.log
c:\windows\system32\logs
c:\windows\system32\server.log
c:\windows\system32\win.ini
c:\windows\wininit.ini
J:\setup.exe
.
Nakažená kopie c:\windows\ehome\ehrecvr.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.20771_none_bdd045689c0b058c\ehrecvr.exe
.
c:\windows\ehome\ehsched.exe . . . je infikován!!
.
c:\windows\System32\alg.exe . . . je infikován!!
.
c:\windows\System32\dllhost.exe . . . je infikován!!
.
c:\windows\System32\msdtc.exe . . . je infikován!!
.
Nakažená kopie c:\windows\System32\msiexec.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_4957caefe76d7816\msiexec.exe
.
c:\windows\System32\rundll32.exe . . . je infikován!!
.
c:\windows\System32\snmptrap.exe . . . je infikován!!
.
Nakažená kopie c:\windows\System32\sppsvc.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7600.16385_none_1a37ad9b82468857\sppsvc.exe
.
Nakažená kopie c:\windows\System32\VSSVC.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_5aa3249a792b0938\VSSVC.exe
.
c:\windows\System32\wbem\wmiapsrv.exe . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-21 do 2014-05-21 )))))))))))))))))))))))))))))))
.
.
2014-05-21 19:51 . 2014-05-21 19:55 -------- d-----w- c:\users\Digiart\AppData\Local\temp
2014-05-21 19:51 . 2014-05-21 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-21 19:51 . 2014-05-21 19:51 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2014-05-21 18:51 . 2014-05-21 18:51 -------- d-----w- c:\program files\trend micro
2014-05-21 18:51 . 2014-05-21 18:51 -------- d-----w- C:\rsit
2014-05-21 17:58 . 2014-05-21 17:58 -------- d-----w- c:\programdata\Malwarebytes
2014-05-21 17:58 . 2014-05-21 18:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-05-21 17:58 . 2014-05-21 17:58 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-21 17:57 . 2014-05-21 17:57 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-20 22:08 . 2014-05-20 22:17 -------- d-----w- c:\programdata\SecTaskMan
2014-05-20 22:08 . 2014-05-20 22:08 -------- d-----w- c:\program files\Security Task Manager
2014-05-20 15:43 . 2014-05-20 15:44 -------- d-----w- c:\program files\CCleaner
2014-05-20 10:30 . 2014-05-20 10:30 -------- d-----w- c:\programdata\CheckPoint
2014-05-18 22:12 . 2014-05-18 22:26 -------- d---a-w- C:\bd_logs
2014-05-18 19:15 . 2014-05-18 19:26 -------- d-----w- c:\users\TEMP
2014-05-18 15:46 . 2014-05-18 15:46 -------- d-----w- c:\users\Digiart\AppData\Roaming\AVAST Software
2014-05-18 15:44 . 2014-05-18 15:45 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-18 15:44 . 2014-05-18 15:45 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-18 15:44 . 2014-05-18 15:45 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-18 15:44 . 2014-05-18 15:44 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-18 15:44 . 2014-05-18 15:44 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-18 15:44 . 2014-05-18 15:44 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-18 15:44 . 2014-05-18 15:44 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-18 15:44 . 2014-05-18 15:44 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-18 15:44 . 2014-05-18 15:44 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-18 15:44 . 2014-05-18 15:44 43152 ----a-w- c:\windows\avastSS.scr
2014-05-18 15:43 . 2014-05-18 15:43 -------- d-----w- c:\program files\AVAST Software
2014-05-18 15:42 . 2014-05-18 15:42 -------- d-----w- c:\programdata\AVAST Software
2014-05-14 21:41 . 2014-05-15 16:04 -------- d-----w- c:\program files\Electronic Arts
2014-05-14 16:52 . 2014-05-14 16:52 -------- d-sh--w- c:\users\Digiart\AppData\Local\EmieUserList
2014-05-14 16:52 . 2014-05-14 16:52 -------- d-sh--w- c:\users\Digiart\AppData\Local\EmieSiteList
2014-05-12 08:21 . 2014-05-12 09:35 -------- d-----w- c:\program files\McAfee Security Scan
2014-05-12 07:43 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-11 10:27 . 2000-12-08 19:59 122880 ----a-w- c:\windows\UnGins.exe
2014-05-11 10:27 . 2014-05-12 09:38 -------- d-----w- c:\program files\REL Link Checker Lite
2014-05-11 07:51 . 2014-05-15 15:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-05-10 07:29 . 2014-05-10 07:37 -------- d-----w- c:\windows\system32\MRT
2014-05-10 07:23 . 2014-05-10 07:23 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-05-10 07:23 . 2014-05-10 07:23 619520 ----a-w- c:\windows\system32\tdh.dll
2014-05-10 07:23 . 2014-05-10 07:23 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-05-10 07:23 . 2014-05-10 07:23 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-05-10 07:23 . 2014-05-10 07:23 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-05-10 07:23 . 2014-05-10 07:23 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-10 07:23 . 2014-05-10 07:23 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-05-10 07:23 . 2014-05-10 07:23 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-05-10 07:19 . 2014-05-10 07:19 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-05-10 07:02 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63C17C14-6283-4A1F-B6AA-588A843E711C}\mpengine.dll
2014-05-10 07:02 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-09 12:46 . 2014-05-12 09:37 -------- d-----w- c:\program files\webcam 7
2014-05-07 07:23 . 2014-05-07 07:32 -------- d-----w- c:\program files\Sim 2
2014-05-03 21:29 . 2014-05-03 21:29 -------- d-----w- c:\program files\ZD Soft
2014-05-03 09:10 . 2014-05-03 09:10 -------- d-----w- C:\adobeTemp
2014-05-01 14:29 . 2014-05-01 14:29 -------- d-----w- c:\program files\Tracker Software
2014-05-01 10:43 . 2006-01-11 12:55 219136 ----a-w- c:\windows\system32\drivers\BTCamDrv.sys
2014-05-01 10:43 . 2014-05-01 10:56 -------- d-----w- c:\program files\Mobiola Web Camera USB
2014-05-01 06:13 . 2014-05-01 06:13 -------- d-----w- c:\users\Digiart\AppData\Roaming\WeatherWatcherLive
2014-05-01 06:12 . 2014-05-01 06:13 -------- d-----w- c:\program files\Weather Watcher Live
2014-04-30 09:21 . 2014-04-30 09:21 -------- d-----w- c:\programdata\TreeCardGames
2014-04-30 09:21 . 2014-05-19 04:55 -------- d-----w- c:\users\Digiart\AppData\Roaming\MahJong Suite
2014-04-30 09:19 . 2014-04-30 09:21 -------- d-----w- c:\program files\MahJong Suite
2014-04-29 16:37 . 2014-04-29 16:37 -------- d-----w- c:\users\Digiart\AppData\Roaming\Two Pilots
2014-04-29 16:29 . 2014-05-03 09:16 -------- d-----w- c:\program files\Exif Pilot
2014-04-28 11:21 . 2014-04-28 11:22 -------- d-----w- c:\program files\FastStone Capture
2014-04-28 06:41 . 2014-04-28 06:42 -------- d-----w- c:\programdata\DVD Shrink
2014-04-28 06:40 . 2014-04-28 06:42 -------- d-----w- c:\program files\DVD Shrink
2014-04-27 15:53 . 2014-03-26 18:24 204064 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-04-27 15:53 . 2014-03-26 18:23 104736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-04-26 08:38 . 2014-04-26 08:39 -------- d-----w- c:\program files\webcamXP5
2014-04-25 11:47 . 2014-04-25 11:47 -------- d-----w- c:\users\Digiart\AppData\Roaming\SimCity
2014-04-25 11:41 . 2014-04-25 11:41 -------- d-----w- c:\program files\R.G. Mechanics
2014-04-24 14:20 . 2014-04-24 16:40 -------- d-----w- c:\program files\Cabela's Big Game Hunter Pro Hunts
2014-04-23 09:42 . 2014-05-13 21:44 -------- d-----w- c:\users\Digiart\VirtualBox VMs
2014-04-22 23:50 . 2014-05-13 22:19 -------- d-----w- c:\users\Digiart\.VirtualBox
2014-04-22 23:48 . 2014-04-22 23:48 -------- d-----w- c:\program files\Oracle
2014-04-22 16:18 . 2014-04-22 16:18 -------- d-----w- c:\program files\CrystalDiskInfo
2014-04-22 11:02 . 2014-04-22 11:02 -------- d-----w- c:\programdata\McAfee
2014-04-21 21:06 . 2014-04-21 21:07 -------- d-----w- c:\program files\thriXXX
2014-04-21 21:06 . 2014-04-21 21:06 -------- d-----w- c:\users\Digiart\AppData\Roaming\thriXXX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 15:44 . 2014-05-18 15:44 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400427940902
2014-05-18 15:44 . 2014-05-18 15:44 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400427940902
2014-05-13 21:31 . 2013-08-22 22:31 164880 ---ha-w- c:\users\Digiart\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2014-05-12 07:50 . 2013-03-03 12:26 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 07:50 . 2013-03-03 12:26 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-02 03:28 . 2013-06-23 17:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2014-05-02 03:28 . 2013-06-23 17:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2014-05-01 06:06 . 2013-07-24 18:06 286720 ------w- c:\windows\Setup1.exe
2014-04-02 23:23 . 2014-04-02 23:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-04-02 23:23 . 2014-04-02 23:23 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-03-31 18:50 . 2013-10-21 17:20 453632 ----a-w- c:\windows\system32\vds.exe
2014-03-31 18:49 . 2009-07-13 23:36 35840 ----a-w- c:\windows\system32\UI0Detect.exe
2014-03-31 09:53 . 2014-02-26 22:10 47360 ----a-w- c:\users\Digiart\AppData\Roaming\pcouffin.sys
2014-03-31 07:35 . 2013-02-28 22:03 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 18:23 . 2014-03-26 18:23 116512 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-03-26 18:23 . 2014-03-26 18:23 126752 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2014-03-26 18:23 . 2014-03-26 18:23 174880 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2014-03-25 15:33 . 2014-03-25 15:33 972432 ----a-w- c:\windows\boinc.scr
2014-03-18 22:18 . 2014-03-18 22:18 346112 ----a-w- c:\windows\system32\LiveWrapRTSP.dll
2014-03-17 18:44 . 2014-03-17 18:44 7153040 ----a-w- C:\Corel_VideoStudio_Pro_X7_downloader.exe
2014-03-16 08:27 . 2014-03-16 08:27 7731626 ----a-w- C:\guiminer-20121203.exe
2014-03-07 08:28 . 2014-03-07 08:28 180224 ----a-w- c:\program files\ZendGuard.exe
2014-02-26 23:44 . 2014-02-26 22:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-19 23:19 222832 ----a-w- c:\users\Digiart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-19 23:19 222832 ----a-w- c:\users\Digiart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-19 23:19 222832 ----a-w- c:\users\Digiart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-18 15:44 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE" [2013-09-16 800280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-25 7547424]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-18 3873704]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2014-03-18 2861600]
.
c:\users\Digiart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mobiola Web Camera USB.lnk - c:\program files\Mobiola Web Camera USB\BtCam.exe [2014-5-1 619471]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Digiart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\Digiart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
R2 NetSnap;NetSnap WebCam;c:\program files\PeleSoft\NetSnap\NetSnap.exe [x]
R2 SPDRIVER_1.0.0.24;SPDRIVER_1.0.0.24;c:\program files\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2013-08-21 32064]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-03-25 17488]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2013-04-03 24944]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-10 108032]
R3 OLYMRYE;OLYMRYE;c:\windows\system32\olymrye.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2014-02-26 47360]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [2013-04-24 18944]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys [2013-07-12 36984]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2013-08-21 130248]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-22 1343400]
R3 WLRAWMp50x86;WLRAWMp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x86.sys [x]
R3 WLRAWSp50x86;WLRAWSp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x86.sys [x]
R3 WWSPLIT;Willing Webcam WDM Driver;c:\windows\system32\DRIVERS\wwsplit.sys [x]
R4 Yawcam;Yawcam;j:\yawcam\Yawcam_Service.exe [2013-12-25 122368]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-21 107224]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 15672]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-18 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-18 411680]
S1 cputemperature;cputemperature;c:\windows\system32\Drivers\cputemperature.sys [2012-07-15 24512]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-03-26 204064]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2014-03-26 104736]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2013/09/01 23:47];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-18 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-18 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-18 68312]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-08-21 35088]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-01-11 219136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2011-09-06 5632]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2013-07-16 27632]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [2012-11-25 567256]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-03-26 116512]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2014-03-26 126752]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 19:45 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Od&eslat do OneNotu - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
IE: Stáhnout s IDM - j:\počasí\down\Crack\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - j:\počasí\down\Crack\IEGetAll.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Digiart\AppData\Roaming\Mozilla\Firefox\Profiles\iqlqz7yu.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.032"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.abr"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ani"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.arw"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bay"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bmp"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cr2"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.crw"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.cs1"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cur"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcr"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcx"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dib"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djv"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djvu"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.dng"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.emf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.eps"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.erf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.fff"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.gif"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.hdr"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icl"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icn"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.iw4"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2c"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2k"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jbr"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.jfif"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jif"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jp2"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpc"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpe"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpeg"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpg"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpk"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpx"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.kdc"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.mef"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mos"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.mrw"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.nef"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.nrw"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.orf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pbr"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pct"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pcx"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.pef"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pic"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pict"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.png"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psd"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psp"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pspbrush"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.pspimage"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.raf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.raw"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rle"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.rw2"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.rwl"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.sr2"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.srf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.srw"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tga"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.thm"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tif"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tiff"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttc"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17o"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17p"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17pf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3959972875-4047148329-670703157-1000)
"Progid"="ACDSee 17.wbm"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbmp"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.webp"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wmf"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xif"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xmp"
.
[HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4392)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\MSI Afterburner\MSIAfterburner.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2014-05-21 22:01:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-21 20:01
.
Před spuštěním: Volných bajtů: 149 775 994 880
Po spuštění: Volných bajtů: 149 609 877 504
.
- - End Of File - - 976A067686B85D861E4B98B69D3D9961
EA923EB0EC0060F1451E9AD7B5762CFE

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Restore::
  c:\windows\ehome\ehsched.exe
  c:\windows\System32\alg.exe
  c:\windows\System32\dllhost.exe
  c:\windows\System32\msdtc.exe
  c:\windows\System32\rundll32.exe
  c:\windows\System32\snmptrap.exe
  c:\windows\System32\wbem\wmiapsrv.exe
  
  RegNull::
  [HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  
  RegLock::
  [HKEY_USERS\S-1-5-21-3959972875-4047148329-670703157-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[digiart]

Ty tabulky se stále od Avastu objevují nechal jsem celou noc a dopoledne Avast skenovat po restartu sice mazal nějaké věci ale to hlavní zapoměl tak přemýšlím jestli náhodou není systém totálně už narušený a nebylo by lepší ho komplet s formátovat do čista a systém znovu nahrát?
Nechám na vaši radu.

ComboFix 14-05-19.01 - Digiart 22.05.2014 14:32:34.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2046.752 [GMT 2:00]
Spuštěný z: c:\users\Digiart\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Digiart\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ehome\ehsched.exe . . . je infikován!!
.
c:\windows\System32\alg.exe . . . je infikován!!
.
c:\windows\System32\dllhost.exe . . . je infikován!!
.
c:\windows\System32\msdtc.exe . . . je infikován!!
.
c:\windows\System32\rundll32.exe . . . je infikován!!
.
c:\windows\System32\snmptrap.exe . . . je infikován!!
.
c:\windows\System32\wbem\wmiapsrv.exe . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-22 do 2014-05-22 )))))))))))))))))))))))))))))))
.
.
2014-05-22 12:51 . 2014-05-22 12:51 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2014-05-22 12:51 . 2014-05-22 12:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-05-22 12:51 . 2014-05-22 12:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-22 12:51 . 2014-05-22 12:51 -------- d-----w- c:\users\boinc_project\AppData\Local\temp
2014-05-22 12:51 . 2014-05-22 12:51 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2014-05-22 12:51 . 2014-05-22 12:51 -------- d-----w- c:\users\ASPNET\AppData\Local\temp
2014-05-22 12:51 . 2014-05-22 12:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-05-21 19:51 . 2014-05-22 12:55 -------- d-----w- c:\users\Digiart\AppData\Local\temp
2014-05-21 18:51 . 2014-05-21 18:51 -------- d-----w- c:\program files\trend micro
2014-05-21 18:51 . 2014-05-21 18:51 -------- d-----w- C:\rsit
2014-05-21 17:58 . 2014-05-21 17:58 -------- d-----w- c:\programdata\Malwarebytes
2014-05-21 17:58 . 2014-05-21 18:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-05-21 17:58 . 2014-05-21 17:58 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-21 17:57 . 2014-05-21 17:57 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-20 22:08 . 2014-05-20 22:17 -------- d-----w- c:\programdata\SecTaskMan
2014-05-20 22:08 . 2014-05-20 22:08 -------- d-----w- c:\program files\Security Task Manager
2014-05-20 15:43 . 2014-05-20 15:44 -------- d-----w- c:\program files\CCleaner
2014-05-20 10:30 . 2014-05-20 10:30 -------- d-----w- c:\programdata\CheckPoint
2014-05-18 22:12 . 2014-05-18 22:26 -------- d---a-w- C:\bd_logs
2014-05-18 19:15 . 2014-05-18 19:26 -------- d-----w- c:\users\TEMP
2014-05-18 15:46 . 2014-05-18 15:46 -------- d-----w- c:\users\Digiart\AppData\Roaming\AVAST Software
2014-05-18 15:44 . 2014-05-18 15:45 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-18 15:44 . 2014-05-18 15:45 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-18 15:44 . 2014-05-18 15:45 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-18 15:44 . 2014-05-18 15:44 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-18 15:44 . 2014-05-18 15:44 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-18 15:44 . 2014-05-18 15:44 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-18 15:44 . 2014-05-18 15:44 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-18 15:44 . 2014-05-18 15:44 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-18 15:44 . 2014-05-18 15:44 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-18 15:44 . 2014-05-18 15:44 43152 ----a-w- c:\windows\avastSS.scr
2014-05-18 15:43 . 2014-05-18 15:43 -------- d-----w- c:\program files\AVAST Software
2014-05-18 15:42 . 2014-05-18 15:42 -------- d-----w- c:\programdata\AVAST Software
2014-05-14 21:41 . 2014-05-15 16:04 -------- d-----w- c:\program files\Electronic Arts
2014-05-14 16:52 . 2014-05-14 16:52 -------- d-sh--w- c:\users\Digiart\AppData\Local\EmieUserList
2014-05-14 16:52 . 2014-05-14 16:52 -------- d-sh--w- c:\users\Digiart\AppData\Local\EmieSiteList
2014-05-12 08:21 . 2014-05-12 09:35 -------- d-----w- c:\program files\McAfee Security Scan
2014-05-12 07:43 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-11 10:27 . 2000-12-08 19:59 122880 ----a-w- c:\windows\UnGins.exe
2014-05-11 10:27 . 2014-05-12 09:38 -------- d-----w- c:\program files\REL Link Checker Lite
2014-05-11 07:51 . 2014-05-15 15:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-05-10 07:29 . 2014-05-10 07:37 -------- d-----w- c:\windows\system32\MRT
2014-05-10 07:23 . 2014-05-10 07:23 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-05-10 07:23 . 2014-05-10 07:23 619520 ----a-w- c:\windows\system32\tdh.dll
2014-05-10 07:23 . 2014-05-10 07:23 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-05-10 07:23 . 2014-05-10 07:23 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-05-10 07:23 . 2014-05-10 07:23 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-05-10 07:23 . 2014-05-10 07:23 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-10 07:23 . 2014-05-10 07:23 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-05-10 07:23 . 2014-05-10 07:23 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-05-10 07:19 . 2014-05-10 07:19 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-05-10 07:02 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63C17C14-6283-4A1F-B6AA-588A843E711C}\mpengine.dll
2014-05-10 07:02 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-09 12:46 . 2014-05-12 09:37 -------- d-----w- c:\program files\webcam 7
2014-05-07 07:23 . 2014-05-07 07:32 -------- d-----w- c:\program files\Sim 2
2014-05-03 21:29 . 2014-05-03 21:29 -------- d-----w- c:\program files\ZD Soft
2014-05-03 09:10 . 2014-05-03 09:10 -------- d-----w- C:\adobeTemp
2014-05-01 14:29 . 2014-05-01 14:29 -------- d-----w- c:\program files\Tracker Software
2014-05-01 10:43 . 2006-01-11 12:55 219136 ----a-w- c:\windows\system32\drivers\BTCamDrv.sys
2014-05-01 10:43 . 2014-05-01 10:56 -------- d-----w- c:\program files\Mobiola Web Camera USB
2014-05-01 06:13 . 2014-05-01 06:13 -------- d-----w- c:\users\Digiart\AppData\Roaming\WeatherWatcherLive
2014-05-01 06:12 . 2014-05-01 06:13 -------- d-----w- c:\program files\Weather Watcher Live
2014-04-30 09:21 . 2014-04-30 09:21 -------- d-----w- c:\programdata\TreeCardGames
2014-04-30 09:21 . 2014-05-19 04:55 -------- d-----w- c:\users\Digiart\AppData\Roaming\MahJong Suite
2014-04-30 09:19 . 2014-04-30 09:21 -------- d-----w- c:\program files\MahJong Suite
2014-04-29 16:37 . 2014-04-29 16:37 -------- d-----w- c:\users\Digiart\AppData\Roaming\Two Pilots
2014-04-29 16:29 . 2014-05-03 09:16 -------- d-----w- c:\program files\Exif Pilot
2014-04-28 11:21 . 2014-04-28 11:22 -------- d-----w- c:\program files\FastStone Capture
2014-04-28 06:41 . 2014-04-28 06:42 -------- d-----w- c:\programdata\DVD Shrink
2014-04-28 06:40 . 2014-04-28 06:42 -------- d-----w- c:\program files\DVD Shrink
2014-04-27 15:53 . 2014-03-26 18:24 204064 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-04-27 15:53 . 2014-03-26 18:23 104736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-04-26 08:38 . 2014-04-26 08:39 -------- d-----w- c:\program files\webcamXP5
2014-04-25 11:47 . 2014-04-25 11:47 -------- d-----w- c:\users\Digiart\AppData\Roaming\SimCity
2014-04-25 11:41 . 2014-04-25 11:41 -------- d-----w- c:\program files\R.G. Mechanics
2014-04-24 14:20 . 2014-04-24 16:40 -------- d-----w- c:\program files\Cabela's Big Game Hunter Pro Hunts
2014-04-23 09:42 . 2014-05-13 21:44 -------- d-----w- c:\users\Digiart\VirtualBox VMs
2014-04-22 23:50 . 2014-05-13 22:19 -------- d-----w- c:\users\Digiart\.VirtualBox
2014-04-22 23:48 . 2014-04-22 23:48 -------- d-----w- c:\program files\Oracle
2014-04-22 16:18 . 2014-04-22 16:18 -------- d-----w- c:\program files\CrystalDiskInfo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 15:44 . 2014-05-18 15:44 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400427940902
2014-05-18 15:44 . 2014-05-18 15:44 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400427940902
2014-05-13 21:31 . 2013-08-22 22:31 164880 ---ha-w- c:\users\Digiart\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2014-05-12 07:50 . 2013-03-03 12:26 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 07:50 . 2013-03-03 12:26 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-03 11:35 . 2009-07-13 23:41 44544 ----a-w- c:\windows\system32\rundll32.exe
2014-05-02 03:28 . 2013-06-23 17:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2014-05-02 03:28 . 2013-06-23 17:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2014-05-01 06:06 . 2013-07-24 18:06 286720 ------w- c:\windows\Setup1.exe
2014-04-02 23:23 . 2014-04-02 23:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-04-02 23:23 . 2014-04-02 23:23 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-03-31 18:50 . 2013-10-21 17:20 453632 ----a-w- c:\windows\system32\vds.exe
2014-03-31 18:49 . 2009-07-13 23:36 35840 ----a-w- c:\windows\system32\UI0Detect.exe
2014-03-31 09:53 . 2014-02-26 22:10 47360 ----a-w- c:\users\Digiart\AppData\Roaming\pcouffin.sys
2014-03-31 07:35 . 2013-02-28 22:03 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 18:23 . 2014-03-26 18:23 116512 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-03-26 18:23 . 2014-03-26 18:23 126752 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2014-03-26 18:23 . 2014-03-26 18:23 174880 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2014-03-25 15:33 . 2014-03-25 15:33 972432 ----a-w- c:\windows\boinc.scr
2014-03-18 22:18 . 2014-03-18 22:18 346112 ----a-w- c:\windows\system32\LiveWrapRTSP.dll
2014-03-16 08:27 . 2014-03-16 08:27 7731626 ----a-w- C:\guiminer-20121203.exe
2014-03-07 08:28 . 2014-03-07 08:28 180224 ----a-w- c:\program files\ZendGuard.exe
2014-02-26 23:44 . 2014-02-26 22:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-19 23:19 222832 ----a-w- c:\users\Digiart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-19 23:19 222832 ----a-w- c:\users\Digiart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-19 23:19 222832 ----a-w- c:\users\Digiart\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-18 15:44 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Digiart\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE" [2013-09-16 800280]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 6\ashsnap.exe" [2013-01-15 3769168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-25 7547424]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-18 3873704]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2014-03-18 2861600]
.
c:\users\Digiart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mobiola Web Camera USB.lnk - c:\program files\Mobiola Web Camera USB\BtCam.exe [2014-5-1 619471]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Digiart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\Digiart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
R2 NetSnap;NetSnap WebCam;c:\program files\PeleSoft\NetSnap\NetSnap.exe [x]
R2 SPDRIVER_1.0.0.24;SPDRIVER_1.0.0.24;c:\program files\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2013-08-21 32064]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-03-25 17488]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2013-04-03 24944]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-10 108032]
R3 OLYMRYE;OLYMRYE;c:\windows\system32\olymrye.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2014-02-26 47360]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [2013-04-24 18944]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys [2013-07-12 36984]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2013-08-21 130248]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-22 1343400]
R3 WLRAWMp50x86;WLRAWMp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x86.sys [x]
R3 WLRAWSp50x86;WLRAWSp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x86.sys [x]
R3 WWSPLIT;Willing Webcam WDM Driver;c:\windows\system32\DRIVERS\wwsplit.sys [x]
R4 Yawcam;Yawcam;j:\yawcam\Yawcam_Service.exe [2013-12-25 122368]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-21 107224]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 15672]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-18 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-18 411680]
S1 cputemperature;cputemperature;c:\windows\system32\Drivers\cputemperature.sys [2012-07-15 24512]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-03-26 204064]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2014-03-26 104736]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2013/09/01 23:47];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-18 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-18 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-18 68312]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-08-21 35088]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-01-11 219136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2011-09-06 5632]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2013-07-16 27632]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [2012-11-25 567256]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-03-26 116512]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2014-03-26 126752]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 19:45 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Od&eslat do OneNotu - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
IE: Stáhnout s IDM - j:\počasí\down\Crack\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - j:\počasí\down\Crack\IEGetAll.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Digiart\AppData\Roaming\Mozilla\Firefox\Profiles\iqlqz7yu.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4660)
c:\program files\FileZilla FTP Client\fzshellext.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\MSI Afterburner\MSIAfterburner.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conhost.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\System32\WUDFHost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-05-22 15:00:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-22 13:00
ComboFix2.txt 2014-05-21 20:01
.
Před spuštěním: Volných bajtů: 154 655 522 816
Po spuštění: Volných bajtů: 154 724 077 568
.
- - End Of File - - 180E543B876787F9D592C9215EA8F5C7
EA923EB0EC0060F1451E9AD7B5762CFE

[vyosek]

Vypada to na napadene systemove soubory, muzeme je zkusit lecit, ale v techto pripadech muze byt pak i hodne naboreny samotny system

[digiart]

No jsem si to myslel, tak na konec tedy systém přiinstaluji.
Jinak moc děkuji za pomoc a ochotu a ať se vám všem daří v další práci.

[vyosek]

Neni zac, moc jsem jaksi nepomohl...

Vse dobre i Vam